Does pmount honor mount_root?

Artem Kachitchkine Artem.Kachitchkin at Sun.COM
Tue Oct 25 11:26:54 PDT 2005

> It is a security issue; you would not want an user mounting his USB
> stick over /usr, /tmp, /home, or other sensitive directories. pmount
> already checks that nothing else is mounted on the target mount point,
> though, but better safe than sorry. :-)

I quite naturally assumed the user can't mount on a mount point he 
doesn't own. That's how BSD and Solaris work - finer grained privileges 
are used, vfs.usermount and sys_mount respectively, instead of set uid. 
A user shouldn't be able to create own directories under sensitive 
directories (and if he does, does it matter if he uses it as mount 
points or to store mp3s).

The above set of constraints is rather secure, I believe. Sites with 
more paranoid security policies should be able to customize their 


More information about the hal mailing list