On Fri, Mar 03, 2006 at 10:47:56AM -0300, Henrique de Moraes Holschuh wrote:
> Not in my servers, it doesn't. And I should add, not even in my desktops: all removable filesystems are mounted nodev, nosuid. Mounting malicious filesystems automatically (vfat can't be one AFAIK, but it won't bork if you tell it to be nosuid, nodev either) is never a feature, it is a security hole.
Well, a filesystem can be malicious whether it's mounted nosuid or not. Consider the case of a crafted directory structure that tickles a kernel bug, for example. There's no question that making things easier for desktop users adds risks; the question is where to strike the balance.
-- Michael Stone