Removable media security in FreeBSD
zk at wspim.edu.pl
Mon Jun 9 06:39:37 PDT 2003
On Sun, Jun 08, 2003 at 11:57:04AM -0400, Robert Watson wrote:
> If the definition of the policy really means "any user who can log in at
> the console", I'd change the chown/chmod bits to a pointer to fbtab, and
> use vfs.usermount.
The problem with fbtab: i want to give mount permission to some console user
and not to the other.
And what about xdm. Is there any solution besides changing scripts
> On the "SECURE" front -- well, it depends a bit on how robust our file
> system support is. Bad UFS file systems can cause the FreeBSD kernel to
> behave improperly, since it's assumed that file systems will be clean or
> explicitly checked before mounting. I've never really experimented much
> with our FAT file system support to see how robust it is; we have a
> 5.2-RELEASE TODO list item to merge some robustness improvements from the
> Darwin implementation back into FreeBSD, which suggests our implementation
> could be improved on :-). I believe our usermount support carefully sets
> nodev, nosuid, etc, on any file systems mounted by root, but haven't
> tested that in a bit.
More information about the freebsd-security