Mounting removable devices
Mehmet Erol Sanliturk
m.e.sanliturk at gmail.com
Fri Apr 27 23:48:21 UTC 2012
Dear All ,
To mount removable devices , a user ( NOT root ) requires the following
parameter
vfs.usermount=1
in
/etc/sysctl.conf
.
A warning is specified in
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/usb-disks.html
about its security vulnerabilities .
Instead of using
vfs.usermount=1
for this purpose , a new parameter may be defined as follows :
vfs.removablemount=1
.
If
vfs.usermount=1
is found in /etc/sysctl.conf , then
vfs.removablemount=1
may be assumed , if it is not present in /etc/sysctl.conf .
I prefer separate usage :
vfs.usermount=1 for ONLY fixed devices ,
vfs.removablemount=1 for ONLY removable devices .
A developer knowing the usage of vfs.usermount in FreeBSD sources
may easily implement vfs.removablemount .
Such an implementation will fix security vulnerability caused by
using vfs.usermount=1 for
removable devices .
Sometimes , it may be necessary to restrict mount of removable devices
due to security requirements . Therefore , supplying a vfs.removablemount=
{ 0 or 1 }
may be a useful improvement .
I am NOT able to supply a patch about this because I do NOT know sources
sufficiently well .
Thank you very much .
Mehmet Erol Sanliturk
More information about the freebsd-current
mailing list