On 8 July 2014 01:15, lee <lee(a)yun.yagibdah.de> wrote:
Tim <ignored_mailbox(a)yahoo.com.au> writes:
> Allegedly, on or about 06 July 2014, lee sent:
>> Why would anyone but root be allowed to mount something?
>
> Because *I* put a CD, DVD, USB drive, into *my* computer, logged in as
> *myself*...
That doesn't mean that you should be allowed to mount it when you're not
root. And your computer doesn't know /who/ added some media, does it.
> If I have to be root, or gain root privileges, to do such a basic
> requirement, these days, then security is being busted by either knowing
> the root password, or being allowed to use my own password for such a
> hazardous thing.
Security is more likely to be busted by users carelessly mounting file
systems than it is by users knowing the passwords for their computers,
unless busted intentionally.
Anyway, I wonder why the OP doesn't just mount the camera as usual. It
seemed to be mountable.
All true. But we live in a world where attaching cameras and other
devices to computers to get files off them is a very common task. That
should be no more of a security concern than being able to get those
same files from the internet. The solution is a controlled way of
mounting attached devices, which if I understand correctly is what
/run/media is about, also things like KIO, GVFS. By expecting users to
mount attached devices with full-fat mount usage you open the
potential for exploits.
--
imalone
http://ibmalone.blogspot.co.uk