/etc/fstab Lacks Mount Point For Floppy

Michal Jaegermann michal at harddata.com
Mon Oct 18 04:46:44 UTC 2004


> 
> Then how do you propose the default options for a device previously
> unknown to the system, say, a hotplugged USB floppy drive or IEEE1394
> hard disk should be specified?

Removable media, like floppy or CD should IMO by default have fstab
entries 'nosuid,nodev,noexec'.  Something obviously knows about
floppies hence I commented that the resulting mount was "right".
The problem is that resulting mount options were not those which
showed up in /etc/fstab.

As for a firewire hard disk the issue is indeed more complicated
but I would also rather think that a general default should be
'nosuid,nodev,noexec'.  If not then "owning" a machine where I can
plug in some firewire or zip disk, where I prepared myself some
rudimentary system beforehand, looks rather simple.  You can
try to guard against that by changing ownership of everything
there to "console owner" but the latter is not always well defined.
Moreover if I can create there "device files" which I own then
this looks like a perfect avenue for an attack.

> Remember, this used to be hardcoded in the fstab-sync sources, now it's
> totally configurable - in fact perhaps a bit too configurable in my
> view.

Perhaps.  My trouble is that too much seems to be opaque. Maybe
once we will get more familiar with the whole thing this perception
will change.  After all a manual page for fstab-sync showed up
only recently. :-)

Owners should be able to configure their systems any way they please;
only consequences of doing this or that should be clear.

> But this is what people like you, that like total control of their
> system, asked for and now I have implemented it.

Well, if someone else is controlling my system then this is not my
system anymore.  If you think that you can foresee all circumstances
in which my system will be used then it is certain that in some
moment you will screw up, most likely indirectly, both its security
and usability.  I do not know now how this will happen but I do know
that it will.

> Besides, we're aiming
> for a secure system that works out of the box so the need to ever touch
> the default configuration should be little.

That is why I think that options in /etc/fstab should default to
safer ones than what we are seeing right now.  I understand that
something overrides mount options tightening up security but why do
I have to rely that this something will not "forget" to do that?
Any particular reasons?

> While I agree this is more complicated, I submit there is absolutely no
> magic going on here - the transformation from the properties in
> storage-policy.fdi file and others to what gets added to the /etc/fstab is
> both well-defined and documented.

Here I am not that convinced.  There is "exec" there now and
automatically created /etc/fstab entries have "exec" option clearly
spelled out.  But if I put a floppy in suddenly it is mounted
"noexec".  That is why I am talking about "magic".  OTOH if I had
good reasons to mount floppies "exec" then what?  Yes, I know that
as root I can do that but I do _not want_ in a normal operation
anybody running as root.  This is a straight road to a Windoze
madness.

   Michal
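As an added example (not part of this thread and not fstab-sync's own code), a small POSIX shell audit that flags removable-media entries in an fstab file lacking the nosuid, nodev and noexec options the message argues should be the default; the sample fstab and the removable-device name patterns are constructed assumptions.

```shell
# Audit fstab-style entries for removable media lacking the options this thread
# argues should be the default: nosuid,nodev,noexec. Added example: the sample
# fstab and the removable-media name patterns are constructed assumptions.
# check_fstab_line LINE: returns 1 (reporting on stderr) when LINE describes
# removable media and lacks any of nosuid/nodev/noexec; returns 0 otherwise.
check_fstab_line() {
    case "$1" in
        ''|'#'*) return 0 ;;                    # blank line or comment
    esac
    set -- $1                                    # fields: fs mountpoint type options ...
    [ "$#" -ge 4 ] || return 0                   # malformed entry, nothing to judge
    dev=$1 mnt=$2 opts=$4
    # Heuristic: device or mount point names commonly used for removable media.
    case "$dev $mnt" in
        *fd[0-9]*|*floppy*|*cdrom*|*cdrw*|*dvd*|*usb*|*zip*|*ieee1394*) ;;
        *) return 0 ;;                           # fixed disks are out of scope here
    esac
    missing=""
    for want in nosuid nodev noexec; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    [ -n "$missing" ] || return 0
    printf '%s on %s is missing:%s\n' "$dev" "$mnt" "$missing" >&2
    return 1
}

# count_unsafe_removable FILE: runs check_fstab_line over every line of FILE
# and prints how many removable-media entries failed the check.
count_unsafe_removable() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        check_fstab_line "$line" || n=$((n + 1))
    done < "$1"
    echo "$n"
}

# Constructed sample fstab: of the three removable entries only the CD-ROM is safe.
SAMPLE_FSTAB=$(mktemp)
trap 'rm -f "$SAMPLE_FSTAB"' EXIT
cat > "$SAMPLE_FSTAB" <<'EOF'
LABEL=/      /               ext3        defaults                            1 1
/dev/fd0     /mnt/floppy     auto        noauto,owner                        0 0
/dev/cdrom   /mnt/cdrom      udf,iso9660 noauto,owner,ro,nosuid,nodev,noexec 0 0
/dev/sda1    /media/usbdisk  auto        pamconsole,exec,noauto,managed      0 0
EOF
count_unsafe_removable "$SAMPLE_FSTAB"    # prints 2 (the floppy and the USB disk)
```

Run it against the real file with `count_unsafe_removable /etc/fstab`; the per-entry reports on stderr name the options to add.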
