On Tue, 2007-09-18 at 19:41 +0200, Thorsten Leemhuis wrote:
I got a new laptop three months ago. It came with Windows and thus a
NTFS partition which I only made smaller, but did not remove --
/dev/sda3 to be precise:
$ ls -l /dev/sda3
brw-r----- 1 root disk 8, 3 14. Sep 16:10 /dev/sda3
FWIW, just doing
$ gnome-mount -d /dev/sda3
or double-clicking the appropriate icon it in Nautilus is how it works
in Fedora 8. You may need to go through a one-time-pain dialog to enter
either your own or the root password.
[...]
Which brings me to my questions: Can somebody please explain why the
above it working? Does it mean that if I write my own malicious
fuse.ext3 userspace driver that I can mount each and every block-device
on my system and read or modify the files on it (all by using fuse)?
Probably. Someone better fix fuse to not allow this.
David