Cdrom accessible for users ?

Cdrom accessible for users ?

Post by Martin Zabada » Sat, 11 Sep 1999 04:00:00



Hi
How can i make cdrom accessible for users ?
Normally only root can mount /dev/cd0.
Is there any possibility user can automount cdrom ?
(for exmaple: from Midnight Commander)

Any suggestions would be appreciate

Martin

 
 
 

Cdrom accessible for users ?

Post by Joe Moo » Sat, 11 Sep 1999 04:00:00


Here is a C program that I wrote for my users.  It unmounts /cdrom, opens
the CD tray, and mounts /cdrom again when the user presses enter.

Feel free to modify/improve it as necessary for your uses.

Install it setuid, owner root.


Quote:>Hi
>How can i make cdrom accessible for users ?
>Normally only root can mount /dev/cd0.
>Is there any possibility user can automount cdrom ?
>(for exmaple: from Midnight Commander)

>Any suggestions would be appreciate

>Martin

---CUT HERE---
/* allow any user to change the cdrom */

#include <stdio.h>
#include <sys/errno.h>

#include <fcntl.h>
#include <sys/devinfo.h>
#include <sys/scsi.h>
#include <sys/scdisk.h>

#include <sys/vmount.h>

int main(void)
{
        int FD;
        int rc;

        rc = umount ("/dev/cd0");
        if (rc != 0 && errno != EINVAL) {
                /* Error -- Go no further */
                perror("Error unmounting /dev/cd0");
                exit(1);
        }

        else if ( rc == 0 ) {
                printf("Ejecting the CD\n");
                /* Then we unmounted the disc, pop it out. */
                FD = open("/dev/cd0", O_RDONLY);
                if (FD == -1) {
                        perror("Error opening device file");
                }
                rc = ioctl(FD, DKEJECT, NULL);
                if (rc != 0) {
                        perror("Error ejecting the CD");
                }
                close(FD);

                printf("Press Enter when new CD is available\n");
                getchar();
        }

        system("mount /dev/cd0");

        return 0;

Quote:}

---END---

--
I think the key thing to remember is that the http: at the front of
a "Web address" stands for Hyper TEXT Transfer Protocol.

<img src="d.gif" alt="d"><img src="u.gif" alt="u"><img src="h.gif" alt="h">

 
 
 

Cdrom accessible for users ?

Post by Fred Huc » Tue, 14 Sep 1999 04:00:00



>Here is a C program that I wrote for my users.  It unmounts /cdrom, opens
>the CD tray, and mounts /cdrom again when the user presses enter.
>Feel free to modify/improve it as necessary for your uses.
>Install it setuid, owner root.


>>Hi
>>How can i make cdrom accessible for users ?
>>Normally only root can mount /dev/cd0.
>>Is there any possibility user can automount cdrom ?
>>(for exmaple: from Midnight Commander)

>>Any suggestions would be appreciate

>>Martin

>---CUT HERE---
>/* allow any user to change the cdrom */

>#include <stdio.h>
>#include <sys/errno.h>
>#include <fcntl.h>
>#include <sys/devinfo.h>
>#include <sys/scsi.h>
>#include <sys/scdisk.h>
>#include <sys/vmount.h>
>int main(void)
>{
>    int FD;
>    int rc;
>    rc = umount ("/dev/cd0");
>    if (rc != 0 && errno != EINVAL) {
>            /* Error -- Go no further */
>            perror("Error unmounting /dev/cd0");
>            exit(1);
>    }
>    else if ( rc == 0 ) {
>            printf("Ejecting the CD\n");
>            /* Then we unmounted the disc, pop it out. */
>            FD = open("/dev/cd0", O_RDONLY);
>            if (FD == -1) {
>                    perror("Error opening device file");
>            }
>            rc = ioctl(FD, DKEJECT, NULL);
>            if (rc != 0) {
>                    perror("Error ejecting the CD");
>            }
>            close(FD);
>            printf("Press Enter when new CD is available\n");
>            getchar();
>    }

>    system("mount /dev/cd0");
>    return 0;
>}
>---END---

Hi.

This is a classical security hole! Please change the line

        system("mount /dev/cd0");

to something like

        execl("/usr/sbin/mount", "mount", "-o", "nosuid,nodev", "/dev/cd0");

else the program may not mount a cd but format your hard disk (or even
worse). Imagine the user has a program named mount in her path...

Fred
--
Fred Hucht, Institute of Theoretical Physics, University of Duisburg, Germany

"Der Koerper der algebraischen Zahlen ist kein algebraischer Zahlkoerper"
(E. Landau, Zahlentheorie (1927), Satz 718)

 
 
 

Cdrom accessible for users ?

Post by Joe Moo » Fri, 17 Sep 1999 04:00:00




>Hi.

>This is a classical security hole! Please change the line

>    system("mount /dev/cd0");

>to something like

>    execl("/usr/sbin/mount", "mount", "-o", "nosuid,nodev", "/dev/cd0");

>else the program may not mount a cd but format your hard disk (or even
>worse). Imagine the user has a program named mount in her path...

The problem being the lack of the full path?  I understand that problem.
(and fixed it in v2.0) Is there something bigger that I should watch out for?

I (as root, and to set this up) created the mount point, and added the entry
into /etc/filesystems with the nosuid,nodev options.

This is so that changes to /etc/filesystems (for example to enable extensions
or to change the mountpoint) could be done without recompiling the user-level
mounter.

here is the stanza from /etc/filesystems:
/cdrom:
        dev             = /dev/cd0
        vfs             = cdrfs
        mount           = false
        options         = ro,nodev,nosuid
        account         = false

I guess I don't know why execl() would be more secure than
system("/usr/sbin/mount /dev/cd0").

--Joe
--
I think the key thing to remember is that the http: at the front of
a "Web address" stands for Hyper TEXT Transfer Protocol.

<img src="d.gif" alt="d"><img src="u.gif" alt="u"><img src="h.gif" alt="h">

 
 
 

1. CDROM not accessible except by root

OK - I know I saw a post relating to this awhile back, but I didn't see
a solution. I have the March '95 Infomagic distribution of Slackware, and
it's all nicely installed. The problem is that the CDROM (SCSI) is always
mounted with permissions which deny access to all but root. These permissions
cannot be changed with chmod because it yields an error since it is a read-
only file system. I've figured out how to define the mount table so that
mortal users can mount the CDROM - but they still can't read it afterwards!

Oh and of course I've tried changing the permissions of the directory onto
which the CDROM gets mounted - but, the mount changes them back. So, how
do I stop mount from doing this?

2. Viewing Gif anf JPEG files under LINUX.

3. CDROM not accessible. Help!

4. mail problem

5. CDROM -- not accessible after upgrade

6. kde 3.0 quits after installing suse 8.0 at the first startup

7. My web site not accessible by 1% of users

8. Newbie Patching Question

9. KDE: make CD accessible to all users?

10. Making Hardware accessible to other users??

11. SS20: audio devices not accessible for users

12. kernel ring buffer accessible by users

13. Have a directory accessible to a specific user