On 10 July 2014 01:10, lee <lee(a)yun.yagibdah.de> wrote:
> Ian Malone <ibmalone(a)gmail.com> writes:
>> On 8 July 2014 22:33, lee <lee(a)yun.yagibdah.de> wrote:
>>> Ian Malone <ibmalone(a)gmail.com> writes:
>>>
>>>> By expecting users to mount attached devices with full-fat mount usage
>>>> you open the potential for exploits.
>>>
>>> How would that happen? A file system is either mounted or not, or is
>>> it?
>>
>> I think I wasn't clear enough. The user doesn't get to run mount
>> themselves. The system does it for them, in a well-defined place with
>> set permissions.
> Neither the system, nor the user should mount something. Only root
> should do that, knowing what they're doing.
>> If you're worried about security then what are the
>> actual risks?
>> - Worried about users copying data on or off. You need to disable auto
>> mounting, but you need to do a lot of other things too.
> When there is no auto mounting, that's one less thing you'd have to
> disable.
>> - Things getting mounted in dangerous places, e.g. over / or /bin or a
>> user's home directory. Doesn't happen.
> You trust computers too much.
No, I'm pragmatic in what can be trusted. If key components of your
system are compromised then what are you protecting and what are you
protecting from? Misdirected paranoia is pointless.
--
imalone
http://ibmalone.blogspot.co.uk