techno@crosslink.net wrote:
Out of the box, SuSE 6.3 allows global rw access on the primary and secondary floppy drive (/dev/fd0 and /dev/fd1). Because devices can be written to directly, just like anything else, the floppy drives do not need to be mounted for any user to write data to a disk that has been left in the drive. Depending on the systems setup, this can be a very malicious tool. If the system boots SuSE directly from a floppy disk, chances are the disk is left in the drive while the system is up. If a user were to log on, and decide to use 'dd' (amongst a variety of other tools, or even just a 'cat FILE > /dev/fd0') the boot floppy would be ruined. A lazy sysadmin who didn't check the logs would not see that the bootdisk had been ruined, and upon reboot, may find himself with a dead box until the disk can be replaced. This is just one scenario where the weak perms on the devices can be dangerous.
The permissions on SuSE 6.1 are : brw-rw-rw- 1 root disk 2, 0 Apr 15 1999 /dev/fd0 brw-rw-rw- 1 root disk 2, 1 Apr 15 1999 /dev/fd1 And on SuSE 6.3 : brw-rw---- 1 root disk 2, 0 Nov 15 1999 /dev/fd0 brw-rw---- 1 root disk 2, 1 Nov 15 1999 /dev/fd1 If a system administrator wants to boot a system from floppy disk he would make the floppy disk read-only, isn't it ? However, you are indeed correct that a lazy sysadmin would ruin his system, anyway ;-). Regards, Fred Mobach fred at mobach.nl