[PATCH] use HAL property to set mount root in callouts

Andrey Borzenkov arvidjaar at mail.ru
Sun Jan 8 01:14:03 PST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday 08 January 2006 06:51, Kay Sievers wrote:
> On Sat, Jan 07, 2006 at 09:46:58PM +0300, Andrey Borzenkov wrote:
> > On Saturday 07 January 2006 21:33, Kay Sievers wrote:
> > > > blacklisting mode does not allow the user to restrict
> > > > access to inserted media (the user may not want a USB key with bank
> > > > certificates and transactions to be readable to everyone).
> > >
> > > Filesystems have permissions, or things like FAT are mounted with the uid
> > > of the requesting user.
> >
> > It (FAT) is still often world-readable even if not world-writable. Oh, I
> > actually meant umask (and dmask/fmask), I always confuse them. The default is
> > most probably wrong as it is taken from the caller (i.e. HAL in this case),
> > not from the user.
>
> The uid of the process that actually invokes the Mount() method is passed
> to mount, not HAL's own uid.
>

How is this relevant? FAT fakes permissions by applying the umask parameter. This
parameter is by default taken from the mounting process, which means, effectively,
the HAL method callout. Most likely it is set to 022, giving every user read
rights but only the owner may write. Now a user may wish to make it 077 to
effectively prevent any read access by everybody, or 002 to give group
share access, or even 000 (unlikely, but ...) to grant access to everybody.
A sysadmin may opt to install a system-wide mounter, revoke at_console
permissions, set umask to 002 and add users to a special group. This may be
useful for an unattended system without anyone logged in. Which BTW implies that
the gid= option may have to be whitelisted too :)

- -andrey
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDwNfbR6LMutpd94wRArpTAJ0dMKGasjJihFVviAGMteXfTtkybACfXUJk
yiyQOUvQBcwqKNv/DNHnMxk=
=Cq5m
-----END PGP SIGNATURE-----

