Re: [SLE] can no longer see usb drive

From: Greg Freemyer (greg.freemyer_at_gmail.com)
Date: 04/30/05

  • Next message: Martin Deppe: "Re: [SLE] Installation of SuSE 9.2 on an older Box" 
    Date: Sat, 30 Apr 2005 11:35:35 -0400
To: Suse Linux English <suse-linux-e@suse.com>

    On 4/30/05, Colin Carter <colincarter@exemail.com.au> wrote:
    > Thanks to Ken Schneider and Greg Freemyer.
    >

    <snip>

    > Thanks Greg.
    > I have been off the air for a few hours, then
    > I tried what you said.
    > Guess what! The damned thing automounted. :-)
    > dmesg gave me:
    > usb 5-7.4: new high speed USB device using address 3
    > usb 5-7.4: Product: Anypak_U2_USBNET
    > usb 5-7.4: Manufacturer: In-System Design
    > usb 5-7.4: SerialNumber: 1200E00002143583
    > Initializing USB Mass Storage driver...
    > scsi0 : SCSI emulation for USB Mass Storage devices
    > Vendor: FUJITSU Model: MHS2020AT Rev: 8004
    > Type: Direct-Access ANSI SCSI revision: 02
    > SCSI device sda: 39070080 512-byte hdwr sectors (20004 MB)
    > sda: assuming drive cache: write through
    > sda: sda1
    > Attached scsi disk sda at scsi0, channel 0, id 0, lun 0
    > USB Mass Storage device found at 3
    > drivers/usb/core/usb.c: registered new driver usb-storage
    > USB Mass Storage support registered.
    > Attached scsi generic sg0 at scsi0, channel 0, id 0, lun 0, type 0
    >
    > As you suggested I tried to mount it as sda but I got an error
    > message saying that only root can mount it.
    > So I changed to su and tried again and got the message that
    > it is already mounted (expected I suppose). But why can't
    > I mount it as a 'normal' user?
    >
    > Regards,
    > Colin
    >
    As Ken said, the above is actually telling you to mount /dev/sda1
    (The first partition on sda).

    You can verify that with fdisk -l /dev/sda (prints the partition table).

    As to why only root? I assume because mount can be a dangerous
    command and can be used to cause data to written where users don't
    expect it.

    i.e.
    Assume mount could be run by any user for a minute and user1 is trying
    to steal data created by user2 in their home directory.

    If user1 says mount /dev/sda1 /home, the command will succeed and all
    of /home would be replaced by /dev/sda1 (potentially a usb drive).

    If user1 made a look alike of /home on the seperate disk before using
    mount to replace /home, the user2 may not realize the disk below /home
    was replaced.

    Then after user2 writes valuable data to /home, user1 un-mounts it and
    pulls the fake drive. user1 then takes it to another computer where
    user1 has root access and looks thru the valuable data.

    Since mount requires root priveledges, user1 can't perform the above
    breach of security without the root password, and if they have the
    root password they can already read user2's files without all that
    effort.

    Greg 

    -- 
Greg Freemyer
The Norcross Group
Forensics for the 21st Century
-- 
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the archives at http://lists.suse.com
Please read the FAQs: suse-linux-e-faq@suse.com
  • Next message: Martin Deppe: "Re: [SLE] Installation of SuSE 9.2 on an older Box"

    Relevant Pages