Re: Adding users to plugdev dynamically

[Josselin Mouette <josselin.mouette@ens-lyon.org>]

Le dimanche 19 décembre 2004 à 12:26 +0000, Rob Bradford a écrit :
> * In a network environment where the authentication and group membership is
> specified by NIS/ldap/etc, this could cause issues if there are certain machines
> where the removal media might be private, or the system acts as an individual's
> workstation but is also accessible remotely.
> 
> In particular a problem could arise where a malicous user logs into the system
> remotely, via ssh, and starts a process that monitors for the insertion of a usb
> keystick, and upon insertion mounts and gains control of this stick. This would
> either be a DoS and prevent the user logged in directly at the workstation from
> using and mounting it. Or worse this could lead to information leakage and if
> that device is being used to store an ssh/rootplug/gpg key then there is a real
> security risk.
> 
> All these problems would be avoided if the pam configuration files for say
> gdm/xdm/console logins automatically added the user to the group.

This is more convenient, but it doesn't solve the security issue. If the
user can log in once, he can retain ownership on the device by keeping
it opened. As long as the kernel doesn't implement a revoke() system
call, it is not possible to ensure that only the locally logged on user
can use the device.
-- 
Josselin Mouette                  /\./\
                                                 pouet
                                                     pouet
« Sans puissance, la maîtrise n'est rien. »