because I didn't have '/usr/etc' in the path when the sudo was run.
It seems mount calls external programs for all but the basic file system
types, and DOES NOT USE AN ABSOLUTE PATH. This, it seems to me and to
some others, is a security exposure. Gregg Siegfried has reported it to CERT.

Thanks to all the many people who replied. I also got a number of
responses to the question of a more secure way to do mounts, including a
number of C programs. This summary was delayed because I had hoped to
try some of them out, and also some of the network accessible packages, and
provide you with some evaluations. It does not look like I'll be able
to do that anytime soon, however. If anyone is interested in the C code
collection, please email me. The net accessible packages mentioned were:

  mtools     Not for mount/unmount, rather to read/write without mounting.
  mntdisk    Also handles cdroms
  usermount  fly.bio.indiana.edu:/util/unix/sun-usermount.tar.Z
             iros1.iro.umontreal.ca:/pub/Internet/usermount.tar.Z
             psuvax1.cs.psu.edu:/pub/src/usermount.tar.Z

Also mail me if you for some reason want to see the complete set of
responses. I will save them for a couple weeks.
-- david david@staff.udc.upenn.edu