On 8 July 2014 22:33, lee <lee@xxxxxxxxxxxxxxx> wrote: > Ian Malone <ibmalone@xxxxxxxxx> writes: > >> By expecting users to mount attached devices with full-fat mount usage >> you open the potential for exploits. > > How would that happen? A file system is either mounted or not, or is > it? I think I wasn't clear enough. The user doesn't get to run mount themselves. The system does it for them, in a well-defined place with set permissions. If you're worried about security then what are the actual risks? - Worried about users copying data on or off. You need to disable auto mounting, but you need to do a lot of other things too. - Things getting mounted in dangerous places, e.g. over / or /bin or a user's home directory. Doesn't happen. - Things being mounted executable. I've just checked and the default options I get for FAT are showexec, but this could probably be changed to prevent it, certainly it gives you a single point the admin could potentially change it. But files are owned by the user, so setuid tricks are out. As for KIO, GVFS, sometimes the thing really *isn't* mounted, my camera for instance doesn't get a mount point. The file explorer talks to the camera directly (PTP I think in this case). -- imalone http://ibmalone.blogspot.co.uk -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
