# A security question.



## fender0107401 (Nov 21, 2009)

According to the handbook "18.5.2 Testing the Configuration"

To mount a USB device, I need to create a directory in /mnt and set the permissions like this:

```
# mkdir /mnt/username
# chown username:usergroup /mnt/username
```
Let us assume the username is fender_01.
So, now as an unprivileged user I can cp a file to "/mnt/fender_01".
The problem is that if I didn't mount anything on that directory and didn't create a partition for the "/mnt" directory, I can easily fill "/" by cp'ing some large file to "/mnt/fender_01".

Let us try.

before cp:

```
df -h
Filesystem      Size    Used   Avail Capacity  Mounted on
/dev/ad12s1a    989M     37M    873M     4%    /
devfs           1.0K    1.0K      0B   100%    /dev
/dev/ad12s1g    237G     17G    202G     8%    /home
/dev/ad12s1e    3.9G    166K    3.6G     0%    /tmp
/dev/ad12s1f     39G    5.1G     31G    14%    /usr
/dev/ad12s1d    3.9G     58M    3.5G     2%    /var
procfs          4.0K    4.0K      0B   100%    /proc
```

after cp'ing a movie to "/mnt/fender_01":


```
du -h Seven_Habits.avi 
507M	Seven_Habits.avi
cp Seven_Habits.avi /mnt/fender_01
df -h
Filesystem      Size    Used   Avail Capacity  Mounted on
/dev/ad12s1a    989M    544M    366M    60%    /
devfs           1.0K    1.0K      0B   100%    /dev
/dev/ad12s1g    237G     17G    202G     8%    /home
/dev/ad12s1e    3.9G    166K    3.6G     0%    /tmp
/dev/ad12s1f     39G    5.1G     31G    14%    /usr
/dev/ad12s1d    3.9G     58M    3.5G     2%    /var
procfs          4.0K    4.0K      0B   100%    /proc
```

So, I think this is a security problem.


----------



## graudeejs (Nov 21, 2009)

Look at this thread.
http://forums.freebsd.org/showthread.php?t=8390&highlight=mount
and especially read carefully my 2nd post [Look at commands]

I think that will answer your question.


Did you get it?
Or should I explain?


----------



## fender0107401 (Nov 21, 2009)

killasmurf86 said:

> Look at this thread.
> http://forums.freebsd.org/showthread.php?t=8390&highlight=mount
> and especially read carefully my 2nd post [Look at commands]
> 
> ...



I know how to mount a CD-ROM or USB device.
I just think creating a directory in /mnt/ for a normal user will cause some security problem.


----------



## graudeejs (Nov 21, 2009)

OK, I'll explain.
You don't allow users to use a common mountpoint, especially somewhere in root.
You let them mount media only to a directory in their home.

Now you should use a separate /home, or set quotas for it.
This way, a user can't fill root, but can only fill his own space.

Personally I `$ chmod o= /mnt` so a normal user can't even read it (because I mount backup media there when I back up the system).

Well, on this computer I'm the only one using it, but it's good to have habits like this when you work as admin [I think]
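The problem shown in the first post (a user-owned directory under /mnt with nothing mounted on it lands writes on "/") can be audited with a small script. This is an added example, not part of the thread or the FreeBSD handbook; it assumes either GNU stat (Linux) or BSD stat (FreeBSD), and a find that accepts -mindepth/-maxdepth (both do).

```shell
#!/bin/sh
# Added audit helper (not from the thread): lists directories directly
# under a base such as /mnt that a non-admin user could write to while
# nothing is mounted on them. Such a directory lives on the parent's
# filesystem, so writes fill "/" instead of the removable media.

# Device number of a path, trying GNU stat first, then BSD stat (FreeBSD).
dev_of() {
    stat -c %d "$1" 2>/dev/null || stat -f %d "$1"
}

# Return 0 if $1 is a mount point, 1 if not, 2 if it is not a directory.
# A mount point's device number differs from its parent's; "/" always is one.
is_mountpoint() {
    real=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    [ "$real" = "/" ] && return 0
    [ "$(dev_of "$real")" != "$(dev_of "$real/..")" ]
}

# Print each immediate subdirectory of $1 that is NOT a mount point and is
# either owned by someone other than $2 (default: root) or group/world
# writable, i.e. a place where a user can fill the underlying filesystem.
unmounted_user_writable_dirs() {
    base=$1
    admin=${2:-root}
    find "$base" -mindepth 1 -maxdepth 1 -type d \
        \( ! -user "$admin" -o -perm -020 -o -perm -002 \) |
    while read -r d; do
        is_mountpoint "$d" && continue
        printf '%s\n' "$d"
    done
}

# Typical use on the system from the thread (output depends on the host):
# unmounted_user_writable_dirs /mnt
```

A directory it reports is exactly the handbook case: chowned to a user, on the root filesystem, with no media mounted. Either mount something there before the user writes, or move the mountpoint into a home on its own partition or under quota, as suggested above.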


----------



## fender0107401 (Nov 21, 2009)

I have tried mounting them in my home directory, but look at this:


```
mount_cd9660 /dev/acd0 mnt/
umount mnt/
umount: unmount of /home/fender/mnt failed: Device busy
```

I can mount them to /tmp/some_dir and umount them, however I can't umount them if I mount them to /home/mnt.

What is the difference between the different mount points?
I run GNOME as my desktop, so I think if I run FreeBSD without X and "hal" I can avoid this problem (I can't umount them if I mount them into /home/mnt).
To make hal ignore "da" and "acd" I set up two files according to this: http://www.freebsd.org/gnome/docs/halfaq.html#q2

```
> pwd
/usr/local/share/hal/fdi/preprobe/20thirdparty
> cat *
<?xml version="1.0" encoding="UTF-8"?>

<deviceinfo version="0.2">
  <device>
    <match key="freebsd.driver" string="da">
      <merge key="info.ignore" type="bool">true</merge>
    </match>
  </device>
</deviceinfo>
<?xml version="1.0" encoding="UTF-8"?>

<deviceinfo version="0.2">
  <device>
    <match key="freebsd.driver" string="acd">
      <merge key="info.ignore" type="bool">true</merge>
    </match>
  </device>
</deviceinfo>
```


----------



## graudeejs (Nov 21, 2009)

I don't use Desktop Environments, so I can't help much here.

But I think under GNOME it mounts media automatically, and you get an icon for the mounted media. You can right click on it and in the menu you'll see unmount.
I think you need to use that to unmount media under GNOME [That is, if it's automatically mounted]

The fact that media is auto-mounted could also explain the Device busy error when you try to mount manually.

It doesn't matter where you mount media, the behavior is always the same, but as you pointed out in your 1st post, not everywhere you mount media is safe; better mount it in your home.


----------



## fender0107401 (Nov 21, 2009)

Let me summarize:
1. I think the following instruction in the handbook "18.5.2 Testing the Configuration" is not perfect.

```
# mkdir /mnt/username
# chown username:usergroup /mnt/username
```
Because if you mkdir in "/mnt" for a normal user and give them permission, the normal user can fill "/".

2. I created a "mnt" in my home and want to mount the cdrom and usb devices to my home's mnt to avoid this problem, but I got another problem (can mount but can't umount).

I have tried mounting the cdrom and usb to /tmp/some_dir, and everything is ok.

So there is some difference between the different mount points. This may be caused by "hal".

But I think there shouldn't be any difference between the two mount points.


----------



## graudeejs (Nov 21, 2009)

Yes, I find that example bad.
Shall you send the PR or should I send it?


----------



## graudeejs (Nov 21, 2009)

check the permissions and group of ~/mnt
check that the user that tries to mount media to ~/mnt belongs to the group mentioned in /etc/devfs.rules
check that the device actually has the right group, and that this group has r/w permission to it


----------



## graudeejs (Nov 21, 2009)

you can log out of GNOME,
press ctrl+alt+f1, log in on the console, insert the cd/flash and then try to mount the media.
This way, GNOME & hal should stay out of your way....


----------



## graudeejs (Nov 21, 2009)

I've sent a PR
http://www.freebsd.org/cgi/query-pr.cgi?pr=140754


----------



## fender0107401 (Nov 21, 2009)

killasmurf86 said:

> I've send pr
> http://www.freebsd.org/cgi/query-pr.cgi?pr=140754



good good.


----------



## jalla (Nov 21, 2009)

killasmurf86 said:

> I've send pr
> http://www.freebsd.org/cgi/query-pr.cgi?pr=140754



Why bother. The fact that someone can fill your root partition is something you have to live with. It's one of the reasons for reserving 8% of space for root only.

Or do you propose to make /tmp read-only as well?


----------



## graudeejs (Nov 21, 2009)

I dunno about you, but I always make a separate /tmp

and when I was using UFS, I did crazy things with GPT partitions

now I use zfs and I still create a separate tmp


----------



## jalla (Nov 21, 2009)

killasmurf86 said:

> I dunno about you, but I always make separate /tmp
> 
> and when I was using UFS, I did crazy things with GPT partitions
> 
> ...



I see your point, and with zfs it's really practical to have lots of partitions. Personally I'm not ready to go for zfs all the way (I run my machines on 7.2/i386 for now).

OTOH I regularly use root partitions of 4Gb these days, mainly because I do frequent snapshots and keep them for a few weeks, but it also gives me some headroom should I do something stupid that would normally fill my root.


----------

