Camera mounting

[Ian Malone]

On 8 July 2014 22:33, lee <lee at yun.yagibdah.de> wrote:
> Ian Malone <ibmalone at gmail.com> writes:
>
>> By expecting users to mount attached devices with full-fat mount usage
>> you open the potential for exploits.
>
> How would that happen?  A file system is either mounted or not, or is
> it?

I think I wasn't clear enough. The user doesn't get to run mount
themselves. The system does it for them, in a well-defined place with
set permissions. If you're worried about security then what are the
actual risks?
- Worried about users copying data on or off. You need to disable auto
mounting, but you need to do a lot of other things too.
- Things getting mounted in dangerous places, e.g. over / or /bin or a
user's home directory. Doesn't happen.
- Things being mounted executable. I've just checked and the default
options I get for FAT are showexec, but this could probably be changed
to prevent it, certainly it gives you a single point the admin could
potentially change it. But files are owned by the user, so setuid
tricks are out.

As for KIO, GVFS, sometimes the thing really *isn't* mounted, my
camera for instance doesn't get a mount point. The file explorer talks
to the camera directly (PTP I think in this case).

-- 
imalone
http://ibmalone.blogspot.co.uk