On 10 July 2014 01:10, lee <lee@xxxxxxxxxxxxxxx> wrote: > Ian Malone <ibmalone@xxxxxxxxx> writes: > >> On 8 July 2014 22:33, lee <lee@xxxxxxxxxxxxxxx> wrote: >>> Ian Malone <ibmalone@xxxxxxxxx> writes: >>> >>>> By expecting users to mount attached devices with full-fat mount usage >>>> you open the potential for exploits. >>> >>> How would that happen? A file system is either mounted or not, or is >>> it? >> >> I think I wasn't clear enough. The user doesn't get to run mount >> themselves. The system does it for them, in a well-defined place with >> set permissions. > > Neither the system, nor the user should mount something. Only root > should do that, knowing what they're doing. > >> If you're worried about security then what are the >> actual risks? >> - Worried about users copying data on or off. You need to disable auto >> mounting, but you need to do a lot of other things too. > > When there is no auto mounting, that's one less thing you'd have to > disable. > >> - Things getting mounted in dangerous places, e.g. over / or /bin or a >> user's home directory. Doesn't happen. > > You trust computers too much. > No, I'm pragmatic in what can be trusted. If key components of your system are compromised then what are you protecting and what are you protecting from? Misdirected paranoia is pointless. -- imalone http://ibmalone.blogspot.co.uk -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
