Once again, this net is great!
Thanks to everyone who replied. I got more than 3 requests for a summary so
here it is.
This is my original question:
> Hi,
>
> I saw floating on this net around a month ago messages concerning the problem
> of root privilege required to mount and dismount the floppy drive on a
> Sparcstation2. I didn't see any summary ( or maybe I missed it !). Is
> there a work around? Thanks ahead of time for any assistance. Please mail
> replies directly to me and I will post summary if there is large demand for
> one. Thanks again!
>
> Huong (hton@bbn.com)
**From a SUN Hotline support person
Put any entry in the fstab for the floppy device so that it will be
automatically mounted when the system boots. Then anyone can write/eject
the floppy( gotta make sure you have YOUR floppy in the drive )
without root privelege. The man page for eject does NOT recommend you
eject any filesystem that is mounted however.
**From Wilhelm Methfessel meth%uebemc@ztivax.siemens.com
I made two small programs, that execv the mount/umount command.
These programs are installed with SUID root. The source of one of them
is included, the second is very! similar :-)
#------------------------------------
#include <stdio.h>
char path[] = "/usr/etc/mount";
char *argv[3];
char arg0[] = "mount";
char arg1[] = "/pcfs";
main()
{
argv[0] = arg0;
argv[1] = arg1;
argv[2] = NULL;
execv(path,argv);
}
#----------------------------------
If anybody sees security holes in my solution I would like to hear about them.
Wilhelm Methfessel UUCP: uunet|mcsun!unido!ztivax!uebemc!meth
Siemens AG, UEB EMC 41 meth%uebemc@ztivax.UUCP
Hofmannstrasse 51 Internet: meth%uebemc@ztivax.siemens.com
8000 Muenchen 70 Phone: +49 89 722 42351
**From Sven Ole Skrivervik svenole@sdata.no
Write a small program that calls mount and another that calls umount.
Make them suid to root. Just make sure that users know about the problems
they are causing if they ejects the floppy before umounting. Here's the
program that mounts the floppy. Remember that the floppy needs to be a
dos floppy:
anda% more pcm.c
#include <stdio.h>
main()
{
int test;
switch (fork()){
case -1:
printf("ERROR\n");
case 0:
execl("/usr/etc/mount","mount","-t","pcfs",
"/pcfs",NULL);
default:
wait();
}
}
anda%
Rgds.
---- Sven Ole Skrivervik ######### Skrivervik Data A/S Manager Software Support ## Peter M|llers Veg 12 email: svenole@sdata.no ## ##### Box 123, Refstad ##### ## 0513 OSLO 5 Dir. dial: +47 2 152900 (262) ## Tlf: +47 2 156393 ######### Fax: +47 2 220326**From Darcy Barnett pdb@laurel.cam.nist.gov
Use a script like this:
#! /bin/csh -b # pdb 910416 # /usr/etc/mount -t pcfs -o rw /dev/fd0 /pcfs exit
or a csh program like this:
/* program to mount floppy disk to avoid setuid script P.D. Barnett 910510 */ main() { int status; status=system("/usr/etc/mount -t pcfs -o rw /dev/fd0 /pcfs"); }
But be sure to:
chmod 6755 mount-fd chown root mount-fd
And put the mount-fd script or compiled program in a directory on the user's path such as /usr/local/bin at our site.
**From Lars Nilsson etxsral@california.ericsson.se
Hi
I think that it would be possible to create two special users with uid 0 or 1 and use the proper mount / umount commands as the shell.
An example on this is the sync user. I have done similar for the halt command so that the user with a diskfull WS can do a proper power-down without needing to know the root-password.
/Lars Nilsson
-- Lars Nilsson Ericsson Telecom AB , Stockholm - Sweden E-mail: etxsral@california.ericsson.se Fidonet: Lars Nilsson @ 2:201/108.7
**From Anthony A. Datri datri@concave.convex.com
People supplied various scripts and peices of code. Personally, I'd just turn the suid bit on on the mount binary.
Fly to the sky on GI-GI____________ and shout to datri@convex.com
**From Jim Napier napier@ames.ucsd.edu, jnapier@ucsd.edu, ...!ucsd!jnapier
At a Sun product conference I went to just yesterday they mentioned this problem and the only workaround they talked about was a third party software package that allows you to do this without root priviledges. I don't remember the name but I can find out if you're interested.
Jim Napier Programmer/Analyst Applied Mechanics & Engineering Sciences Dept. U.C. San Diego (619)534-5414 napier@ames.ucsd.edu, jnapier@ucsd.edu, ...!ucsd!jnapier
**From Emmett Hogan
I have written a PERL script to mount/eject floppies and cd's as a normal user. It will mount UNIX floppies, DOS floppies (if you have SunOS 4.1.1) and SUN cd's (hs file system). It will also format the DOS floppies and place a file system on the UNIX floppies if they don't already have one. To use it you need perl, plus a perl program from the nutshell book which builds a setuid C wrapper for the perl script. I am writing up a man page/README for it today and plan to post it to comp.sources.perl and comp.sources.misc soon...if you like I can send you a copy to test out for me.
-Emmett
------------------------------------------------------------------- Emmett Hogan Computer Science Lab, SRI International Inet: hogan@csl.sri.com UUCP: {ames, decwrl, pyramid, sun}!fernwood!hercules!hogan USMAIL: EL231, 333 Ravenswood Ave, Menlo Park, CA 94025 PacBell: (415)859-3232 (voice), (415)859-2844 (fax) ICBM: 37d 27' 14" North, 122d 10' 52" West -------------------------------------------------------------------
**From Brian Smith brsmith@cs.umn.edu
On titan.rice.edu, there is a program called "fdmount". It must be installed set-uid root (so you do need root permissions at least once), but then can be run by any user to mount a floppy.
To unmount and eject the floppy, just use the SunOS eject command. If you're running SunOS 4.1 or higher, you will have to make eject set-uid root first. 'eject' contains the necessary code to unmount the disk, but Sun evidently considered it a security risk.
fdmount was written under SunOS 4.0.3, and hasn't been updated to 4.1.1, but it *should* work. It will only mount the disk as a Unix filesystem, however. You'd have to modify it to mount MS-DOS disks.
I really should get around to re-writing it one of these days... -- Brian brsmith@cs.umn.edu
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:13 CDT