g-v-m vs. pamconsole mount option

Andrey Borzenkov arvidjaar at mail.ru
Mon Jan 2 04:09:17 PST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva defaulted to pamconsole mount option since switching to HAL. Recently 
all removables started to be not accessible to logged in user. The problem 
seems to be interaction between g-v-m and hal. Hal adds /etc/fstab line 
containing pamconsole option; g-v-m now calls volume Mount method with empty 
parameter set that basically results in calling "mount /dev/node" - but on 
behalf of root, not user that has started g-v-m, thus effectively making 
device accessible to root only.

There seem to be more general issue - as far as I can tell, any user logged in 
can call volume Mount or Unmount method - without any sort of authentication 
and/or authorization performed.

Is it intentional? Is it local Mandriva problem and how do other distro avoid 
it?

TIA

- -andrey  
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDuRfuR6LMutpd94wRAg8MAJ0TZIMb/oNUcuG0Hx4GvTvunFaG8QCgs7nK
Dd0TJFFofVUaCe1uXwS6Uuw=
=QoUA
-----END PGP SIGNATURE-----


More information about the hal mailing list