The JHU version of the V6 kernel and the mount program were modified (or
should I say buggered) so that unprivileged users could mount user packs.
There were certain restrictions added as well: no setuid on mounted
volumes etc.
The problem came up that people would mount them using relative paths and
the mtab wouldn't really show who was using the disk as a result. I
suggested we just further bugger it by making the program chdir to '/dev'
first. That way you wouldn't have to put /dev/ on the drive device and
you'd have to give an absolute path for the mount point (or at least one
relative to /dev). I pointed out to my coworker that there was nothing in
/dev/ to mount on. He started trying it. Well the kernel issued errors
for trying to use a special file as a mount point. He then tried "."
Due to a combination of bugs that worked!
The only problem, is how do you unmount it? The /dev nodes had been
replaced by the root of directory of my user pack. Oh well, go halt and
reboot.
There were supposed to be protections against this. Mind you I did not
have root access at this point (just a lowly student operator), so we
decided to see where else we could mount. Sure enough cd /etc/ and mount
on "." there. We made up our own password file. It had one account with
uid 0 and the name "Game Player" in the gcos field. About this one of the
system managers calls and tells us to halt the machine as it'd had been
hacked. I told him we were responsible and we'd undo what we did.
I think by this time Mike Muuss came out and gave me the "mount" source and
told me to fix it.