Hello guys!
I would like to discuss with you the security policy of the following two scenarios that can be used for mounting an attached device's filesystem.
Let's consider an NTFS filesystem (this requires the sysutils/ntfs-3g driver installed).
Let's consider the user jerry@maja for convenience.
First scenario.
Code:
jerry@maja:/ % ls -l ntfs-3g
-r-x------ jerry maia ………. ntfs-3g
jerry@maja:/ % ntfs-3g -o noatime,umask=0773 /dev/ada1p1 /mnt
Second scenario.
Code:
jerry@maja:/ % ls -l ntfs-3g
-rwxr-xr-x root operator ………. ntfs-3g
jerry@maja:/ % su root -c 'ntfs-3g -o ro,noatime,umask=0000 /dev/ada1p1 /mnt'
As you can see, in the first case jerry is enabled (by root) to execute the ntfs-3g program as owner.
In the second one, the owner is root and jerry needs su to run the ntfs program.
More: in the first case, the read-only condition has been set by umask=0773, without specifying the ‘ro’ option; in the second one, the read-only condition is set with the ‘ro’ option and umask is set to allow any rwx operation for any user.
QUESTIONS.
1 – Is the first form or the second one more secure?
2 – Regarding the second case. In a previous post (root and non-root users: what the differences) ralphbsz says: “The su starts a shell as the root user, and then directs the shell to execute the command”.
If it's so, can there be a remote possibility that, when jerry starts the shell as su, other programs (that I don't know) could gain write access to the attached device, modifying the metadata of the files stored on the device?
3 – Or are the two forms simply equivalent and interchangeable?
I apologize, but my knowledge of the ntfs-3g source code is limited. So it's a pleasure for me to discuss these questions with you.
Thanks in advance.
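An added example (not from the post and not ntfs-3g's own code) that models the two mounts above: without a user-mapping file ntfs-3g presents every file as 0777 masked by umask and leaves the access check to the kernel's standard owner/group/other bit selection, whereas the ‘ro’ option makes the mount itself read-only. The uids and gids are constructed values, and the root bypass of the mode bits follows ordinary DAC semantics.

```python
# Added example (not from the forum post): a small model of the two
# mounts in the question, showing why umask only shapes the DAC bits
# ntfs-3g presents, while the 'ro' option refuses writes for everyone,
# root included. Permission semantics follow POSIX owner/group/other
# bit selection with a root bypass; uids/gids below are constructed.
from dataclasses import dataclass

ROOT_UID, JERRY_UID = 0, 1001          # constructed values
WHEEL_GID, OPERATOR_GID = 0, 5         # constructed values


@dataclass
class NtfsMount:
    """Model of an ntfs-3g mount: owner uid/gid default to the mounting
    user's, and the presented mode is derived from umask."""
    mounter_uid: int
    mounter_gid: int
    umask: int
    read_only: bool = False

    @property
    def mode(self) -> int:
        # ntfs-3g without a user mapping presents 0777 masked by umask.
        return 0o777 & ~self.umask

    def can(self, uid: int, gids: set, op: str) -> bool:
        """op is 'r' or 'w'. Mirrors a POSIX access check plus the
        mount-level ro flag, which the superuser cannot bypass."""
        if op == "w" and self.read_only:
            return False              # EROFS for everybody
        if uid == ROOT_UID:
            return True               # DAC bits do not bind root
        if uid == self.mounter_uid:
            shift = 6                 # owner bits only
        elif self.mounter_gid in gids:
            shift = 3                 # group bits only
        else:
            shift = 0                 # "other" bits
        bit = 0o4 if op == "r" else 0o2
        return bool((self.mode >> shift) & bit)


def scenario_one() -> NtfsMount:
    # jerry runs ntfs-3g himself with umask=0773 and no 'ro'.
    return NtfsMount(JERRY_UID, OPERATOR_GID, 0o773)


def scenario_two() -> NtfsMount:
    # ntfs-3g runs as root via su, with 'ro' and umask=0000.
    return NtfsMount(ROOT_UID, WHEEL_GID, 0o000, read_only=True)
```

In this model umask=0773 leaves root's writes untouched (and, because the owner bits come out as zero, even denies jerry read access to his own mount), while ‘ro’ returns EROFS to root as well; that is the difference the first question turns on.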