Does pmount honor mount_root?
Artem Kachitchkine
Artem.Kachitchkin at Sun.COM
Tue Oct 25 11:26:54 PDT 2005
> It is a security issue; you would not want an user mounting his USB
> stick over /usr, /tmp, /home, or other sensitive directories. pmount
> already checks that nothing else is mounted on the target mount point,
> though, but better safe than sorry. :-)
I quite naturally assumed the user can't mount on a mount point he
doesn't own. That's how BSD and Solaris work - finer grained privileges
are used, vfs.usermount and sys_mount respectively, instead of set uid.
A user shouldn't be able to create own directories under sensitive
directories (and if he does, does it matter if he uses it as mount
points or to store mp3s).
The above set of constraints is rather secure, I believe. Sites with
more paranoid security policies should be able to customize their
configuration.
-Artem.
More information about the hal
mailing list