[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Introducing pmount in Debian / New plugdev group

On Tue, Nov 09, 2004 at 06:41:40PM +0100, Martin Pitt wrote:
> We solved (4) by introducing a new group called 'plugdev'. Every user
> who is a member of this group can access hotpluggable devices (digital
> cameras, USB drives etc.). pmount can only be executed by members of
> this group (it is root:plugdev 750),

Hmm. What's to stop a user fetching their own version of the pmount
binary? I assume that won't work since they won't have the appropriate
device permissions.

If so, then a+x mode is safe, and directed by Debian Policy (I think. If
not, it's in the Developer's Reference as a good idea).

If not, then there's a nasty security hole at that point.

The rest of it sounds good. I'm not fussed about hal, since I don't
use gnome-volume-manager, but pmount might work better for me than
autofs4, which you can't manually unmount without becoming root. >_<

Paul "TBBle" Hampson, MCSE
7th year CompSci/Asian Studies student, ANU
The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)

"No survivors? Then where do the stories come from I wonder?"
-- Capt. Jack Sparrow, "Pirates of the Caribbean"

This email is licensed to the recipient for non-commercial
use, duplication and distribution.

Attachment: signature.asc
Description: Digital signature

Reply to: