On Tue, Mar 04, 2008 at 01:57:02PM +0100, Miloslav Trmac wrote:
> Hello,
> Zdenek Prikryl napsal(a):
>> I don't know, why eject has to use pam in Fedora. So, could anyone explain why?
> The goal was probably to allow console users (=> pam_console.so) eject the
> CD/DVD medium without knowing the root password. Some platforms have
Unfortunately, it also works for non-CD/DVD devices.
Unfortunately, eject(8) is ***broken by design***, because
automatically calls umount(8) before an eject ioctl.
$ umount /dev/sda8
umount: only root can unmount LABEL=/mnt/misc from /mnt/misc
Well, try other way:
$ grep sda8 /proc/mounts
/dev/sda8 /mnt/misc ext3 rw,relatime,data=ordered 0 0
$ eject sda8
umount: /: device is busy
umount: /: device is busy
eject: unmount of `/' failed
$ grep sda8 /proc/mounts; echo $?
1
From my point of view this is ***security bug*** (#432187), because
eject(8) bypasses /etc/fstab setting.
The normal UNIX design is use small separated commands rather than
one super-command. eject(8) should print "error: device is mounted"
rather than directly umount the device.
Karel
--
Karel Zak <kzak@xxxxxxxxxx>
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
