On Thu, Sep 02, 1999, Andrew J. Korty wrote: > > > You realise that this kind of stuff can be done in kernelspace, > > > without needing yet another setuid binary/binaries.. > > > > Well, sysctl with list of pathes for user mounts looks good. > > Configuration is simple and can be easliy changed at runtime. It is > > always better to avoid setuid'ed binaries, this is more worse that > > mount(8) can execute other mount_* binaries. > > My code provides needed features that all implementations I've seen > of the sysctl approach do not. Our users need to mount removable > volumes just by clicking on a KDE icon, without having to know what > type of filesystem is present on the media. Non-console users > should not be permitted to mount removable volumes. Both of these > features are provided by my patch, which I have had in production > since I submitted it.
There are saner ways than using a suid binary. Countering your arguement.. sysctl -w vfs.usermount="/floppy:/cdrom" And they can mount/umount at whim if they own the mountpoint/have done the mount (and the permission checking can be extended to suit..) Then all you need to do is think of a sane way to chown console devices (floppy, cdrom, etc..) to the user when they login? Perhaps an extension to login/xdm/whatever kde uses ? All I'm saying is there has to be a better way to solve a problem using an iron pole, regardless of whether its first stuck inside a nerf dart. Adrian To Unsubscribe: send mail to majord...@freebsd.org with "unsubscribe freebsd-hackers" in the body of the message