On Fri, 2004-09-10 at 05:40 -0700, Steve G wrote:
I'm not sure what the default policy should be though - most people are happy about not having to go to the command line to get access to their partitions and some people have more or less valid security concerns.
OK, I've had some time to think this over. Traditionally, the default is on the open - all inclusive side of things unless there is the possibility of damage. e.g., tcp_wrapper defaults to open, iptable defaults to open. You must intervene to secure the system.
As long as the drives are only detected and mount points made, I don't have a problem. If the drives are *mounted*, I have a real problem. By mounting the drive, you may suddenly cause a drive to get fsck'ed by a newer program that oopses older kernels,
Has this actually happened?
or relabeled by SE Linux which will oops older kernels.
Yes; it's really a bug that the default relabeling procedure will try to relabel mount points. I've submitted a patch to fix this.