[Slackbuilds-users] HAL 'plugdev' system-group (ivman/pmount)

Patrick J. Volkerding volkerdi at slackware.com
Wed May 16 19:43:37 UTC 2007


Nenad Spirkoski wrote:
> On Wednesday 16 May 2007 20:44 Patrick J. Volkerding wrote:
>> I'd say it all hinges on security.  If a normal user mounts a CD, the
>> fstab applies all kinds of restrictions to it (or should).  OTOH, I have
>> no idea if we were to reuse "cdrom" if someone could come along with a
>> stick of flash memory with a setuid root binary, stick it in, and run
>> it.  Or, if the setuid bits would be removed.
> 
> What about adding nosuid (also nodev and noexec) as options in /etc/fstab?

It's harder when you don't know what the device name is going to be. 
Could be /dev/sdb1 or something -- the point is, I don't see a *simple* 
way to stop people from mounting a device which allows them to escalate 
to root, but also, since I don't have this installed perhaps this is 
done automatically, or can be configured.  I don't think /etc/fstab will 
be the place, though.

>> "plugdev" wouldn't be my favorite group name, but when things get ugly
>> when you exceed 8 characters it leaves few good choices.  If that's what
>> at least one distro that's implemented HAL before us uses, I'm not
>> opposed to adding the group to Slackware.  Safety first.  :-)
> 
> BTW, I did smile when I saw Gentoo's /etc/inittab
> 
> # Author:  Miquel van Smoorenburg, <miquels at cistron.nl>
> # Modified by:  Patrick J. Volkerding, <volkerdi at ftp.cdrom.com>
> # Modified by:  Daniel Robbins, <drobbins at gentoo.org>
> # Modified by:  Martin Schlemmer, <azarah at gentoo.org>

Well, yeah, I wrote a couple of things here and there.

Here, I'm just another SBo user.

Take care,

Pat
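
Added example, not part of the original message: since the device name is not known in advance, this sketch audits what is actually mounted (text in /proc/mounts format) and flags block-device mounts that lack nosuid or nodev. The sample lines are constructed, and the function names and the `trusted` mountpoint list are assumptions made for illustration.

```python
import re

# Options that stop a mounted filesystem from granting privileges:
# nosuid ignores setuid/setgid bits, nodev ignores device nodes.
REQUIRED = ("nosuid", "nodev")

# Constructed sample in /proc/mounts format (not captured from a real system).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw 0 0
/dev/hdc /mnt/cdrom iso9660 ro,nosuid,nodev,noexec 0 0
/dev/sdb1 /media/usb\\040stick vfat rw,nodev,uid=1000 0 0
/dev/sdc1 /media/disk ext2 rw 0 0
proc /proc proc rw 0 0
"""

def unescape(field):
    """Decode the octal escapes (\\040 = space) the kernel uses in mount fields."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def risky_mounts(mounts_text, trusted=("/",)):
    """Return (device, mountpoint, missing_options) for block-device mounts
    outside the `trusted` mountpoints that lack nosuid or nodev."""
    findings = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        device, mountpoint, _fstype, options = fields[:4]
        device, mountpoint = unescape(device), unescape(mountpoint)
        # Match on what is mounted, not on a device name known in advance.
        if not device.startswith("/dev/") or mountpoint in trusted:
            continue
        present = set(options.split(","))
        missing = [opt for opt in REQUIRED if opt not in present]
        if missing:
            findings.append((device, mountpoint, missing))
    return findings

if __name__ == "__main__":
    # On a live system, pass open("/proc/mounts").read() instead of the sample.
    for device, mountpoint, missing in risky_mounts(SAMPLE_MOUNTS):
        print(f"{device} on {mountpoint}: missing {','.join(missing)}")
```

noexec is left out of the required set because the concern raised in the thread is setuid binaries and device nodes; add it to `REQUIRED` if local policy wants it.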



