[Slackbuilds-users] HAL 'plugdev' system-group (ivman/pmount)
Patrick J. Volkerding
volkerdi at slackware.com
Wed May 16 19:43:37 UTC 2007
Nenad Spirkoski wrote:
> On Wednesday 16 May 2007 20:44 Patrick J. Volkerding wrote:
>> I'd say it all hinges on security. If a normal user mounts a CD, the
>> fstab applies all kinds of restrictions to it (or should). OTOH, I have
>> no idea if we were to reuse "cdrom" if someone could come along with a
>> stick of flash memory with a setuid root binary, stick it in, and run
>> it. Or, if the setuid bits would be removed.
> What about adding nosuid (also nodev and noexec) as options in /etc/fstab?
It's harder when you don't know what the device name is going to be.
Could be /dev/sdb1 or something -- the point is, I don't see a *simple*
way to stop people from mounting a device which allows them to escalate
to root, but also, since I don't have this installed perhaps this is
done automatically, or can be configured. I don't think /etc/fstab will
be the place, though.
>> "plugdev" wouldn't be my favorite group name, but when things get ugly
>> when you exceed 8 characters it leaves few good choices. If that's what
>> at least one distro that's implemented HAL before us uses, I'm not
>> opposed to adding the group to Slackware. Safety first. :-)
> BTW, I did smile when I saw Gentoo's /etc/inittab
> # Author: Miquel van Smoorenburg, <miquels at cistron.nl>
> # Modified by: Patrick J. Volkerding, <volkerdi at ftp.cdrom.com>
> # Modified by: Daniel Robbins, <drobbins at gentoo.org>
> # Modified by: Martin Schlemmer, <azarah at gentoo.org>
Well, yeah, I wrote a couple of things here and there.
Here, I'm just another SBo user.
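
Added example, not part of the original message or of any project discussed in it: since the device name is not known in advance, one way to check the outcome is to audit the live mount table instead of /etc/fstab and report media mounts that lack `nosuid` or `nodev`. The `/media/` and `/mnt/` prefixes and the sample mount lines are assumptions constructed for illustration.

```python
"""Audit a mount table for removable-media mounts missing nosuid/nodev."""
import sys

REQUIRED = ("nosuid", "nodev")          # options that block setuid binaries and device nodes
MEDIA_PREFIXES = ("/media/", "/mnt/")   # assumption: where removable media get mounted

# Constructed sample in /proc/mounts format (not taken from a real system).
SAMPLE_MOUNTS = """\
/dev/root / ext3 rw 0 0
proc /proc proc rw 0 0
/dev/sdb1 /media/usbstick vfat rw,nosuid,nodev,noexec,uid=1000 0 0
/dev/sdc1 /media/camera ext2 rw 0 0
/dev/hdc /mnt/cdrom iso9660 ro,nosuid,nodev 0 0
/dev/sdd1 /media/My\\040Disk ext3 rw,nodev 0 0
"""


def unescape(field):
    """Decode the octal escapes /proc/mounts uses for whitespace and backslash."""
    for code, char in (("\\040", " "), ("\\011", "\t"),
                       ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(code, char)
    return field


def audit(mounts_text):
    """Return (device, mountpoint, missing_options) for each risky media mount."""
    findings = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # not a valid mount table line
        device, mountpoint = fields[0], unescape(fields[1])
        options = set(fields[3].split(","))
        if not mountpoint.startswith(MEDIA_PREFIXES):
            continue  # only media mount points are in scope
        missing = [opt for opt in REQUIRED if opt not in options]
        if missing:
            findings.append((device, mountpoint, missing))
    return findings


if __name__ == "__main__":
    # Pass /proc/mounts as the argument to audit a live system.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_MOUNTS
    for device, mountpoint, missing in audit(text):
        print(f"{device} on {mountpoint}: missing {','.join(missing)}")
```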