Camera mounting
Ian Malone
ibmalone at gmail.com
Thu Jul 10 07:51:37 UTC 2014
On 10 July 2014 01:10, lee <lee at yun.yagibdah.de> wrote:
> Ian Malone <ibmalone at gmail.com> writes:
>
>> On 8 July 2014 22:33, lee <lee at yun.yagibdah.de> wrote:
>>> Ian Malone <ibmalone at gmail.com> writes:
>>>
>>>> By expecting users to mount attached devices with full-fat mount usage
>>>> you open the potential for exploits.
>>>
>>> How would that happen? A file system is either mounted or not, or is
>>> it?
>>
>> I think I wasn't clear enough. The user doesn't get to run mount
>> themselves. The system does it for them, in a well-defined place with
>> set permissions.
>
> Neither the system, nor the user should mount something. Only root
> should do that, knowing what they're doing.
>
>> If you're worried about security then what are the
>> actual risks?
>> - Worried about users copying data on or off. You need to disable auto
>> mounting, but you need to do a lot of other things too.
>
> When there is no auto mounting, that's one less thing you'd have to
> disable.
>
>> - Things getting mounted in dangerous places, e.g. over / or /bin or a
>> user's home directory. Doesn't happen.
>
> You trust computers too much.
>
No, I'm pragmatic in what can be trusted. If key components of your
system are compromised then what are you protecting and what are you
protecting from? Misdirected paranoia is pointless.
--
imalone
http://ibmalone.blogspot.co.uk
More information about the users
mailing list