Camera mounting
Ian Malone
ibmalone at gmail.com
Tue Jul 8 14:36:48 UTC 2014
On 8 July 2014 01:15, lee <lee at yun.yagibdah.de> wrote:
> Tim <ignored_mailbox at yahoo.com.au> writes:
>
>> Allegedly, on or about 06 July 2014, lee sent:
>>> Why would anyone but root be allowed to mount something?
>>
>> Because *I* put a CD, DVD, USB drive, into *my* computer, logged in as
>> *myself*...
>
> That doesn't mean that you should be allowed to mount it when you're not
> root. And your computer doesn't know /who/ added some media, does it.
>
>> If I have to be root, or gain root privileges, to do such a basic
>> requirement, these days, then security is being busted by either knowing
>> the root password, or being allowed to use my own password for such a
>> hazardous thing.
>
> Security is more likely to be busted by users carelessly mounting file
> systems than it is by users knowing the passwords for their computers,
> unless busted intentionally.
>
>
> Anyway, I wonder why the OP doesn't just mount the camera as usual. It
> seemed to be mountable.
>
All true. But we live in a world where attaching cameras and other
devices to computers to get files off them is a very common task. That
should be no more of a security concern than being able to get those
same files from the internet. The solution is a controlled way of
mounting attached devices, which if I understand correctly is what
/run/media is about, also things like KIO, GVFS. By expecting users to
mount attached devices with full-fat mount usage you open the
potential for exploits.
--
imalone
http://ibmalone.blogspot.co.uk
More information about the users
mailing list