Mounting removable devices
Dear All ,
To mount removable devices , a user ( NOT root ) requires the following
parameter
vfs.usermount=1
in
/etc/sysctl.conf
..
A warning is specified in
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/usb-disks.html
about its security vulnerabilities .
Instead of using
vfs.usermount=1
for this purpose , a new parameter may be defined as follows :
vfs.removablemount=1
..
If
vfs.usermount=1
is found in /etc/sysctl.conf , then
vfs.removablemount=1
may be assumed , if it is not present in /etc/sysctl.conf .
I prefer separate usage :
vfs.usermount=1 for ONLY fixed devices ,
vfs.removablemount=1 for ONLY removable devices .
A developer knowing the usage of vfs.usermount in FreeBSD sources
may easily implement vfs.removablemount .
Such an implementation will fix security vulnerability caused by
using vfs.usermount=1 for
removable devices .
Sometimes , it may be necessary to restrict mount of removable devices
due to security requirements . Therefore , supplying a vfs.removablemount=
{ 0 or 1 }
may be a useful improvement .
I am NOT able to supply a patch about this because I do NOT know sources
sufficiently well .
Thank you very much .
Mehmet Erol Sanliturk
_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"