On Thu, Jul 16, 2015, at 12:47 AM, Eric W. Biederman wrote: > With that said desktop environments have for a long time been > automatically mounting whichever filesystem you place in your computer, > so in practice what this is really about is trying to align the kernel > with how people use filesystems. There is a large attack surface difference between mounting a device that someone physically plugged into the computer (and note typically it's required that the active console be unlocked as well[1]) versus allowing any "unprivileged" process at any time to do it. Many server setups use "unprivileged" uids that otherwise wouldn't be able to exploit bugs in filesystem code. [1] https://bugzilla.gnome.org/show_bug.cgi?id=653520 "AutomountManager also keeps track of the current session availability (using the ConsoleKit and gnome-screensaver DBus interfaces) and inhibits mounting if the current session is locked, or another session is in use instead." -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
