[Slackbuilds-users] HAL 'plugdev' system-group (ivman/pmount)

Menno Duursma druiloor at zonnet.nl
Thu May 17 10:09:07 UTC 2007


Alan Hicks wrote:
>> I'd say it all hinges on security.  If a normal user mounts a CD, the
>> fstab applies all kinds of restrictions to it (or should).  OTOH, I have
>> no idea if we were to reuse "cdrom" if someone could come along with a
>> stick of flash memory with a setuid root binary, stick it in, and run
>> it.  Or, if the setuid bits would be removed.

pmount defaults to ignoreing them, thus this shouldn't be an issue; i.e.:
/dev/sda1 on /media/sda1 type vfat 
(rw,noexec,nosuid,nodev,quiet,shortname=mixed,uid=1007,gid=104,umask=007)

> Well, the admin is going to have to setup fstab for this anyhow, right?

No, that's the point.

It still allows for admins to setup fstab though (just scrap pmount)
dbus/hal/ivman can still be used to trigger a 'normal' mount: 
http://www.linux.com/article.pl?sid=06/07/26/2129232

> (Or does HAL somehow screw with that?

Nope. ('pmount' does :-))

-Menno.



More information about the Slackbuilds-users mailing list