On Thu, Sep 13, 2012 at 09:19:19AM -0500, Canek Peláez Valdés wrote
> On Thu, Sep 13, 2012 at 1:50 AM, Walter Dnes <waltdnes@××××××××.org> wrote:

> > A normal user can pumount *WHAT THAT SAME USER* has pmounted. Now try
> > for a general solution.
>
> The general solution is using something like udisks+polkit. That is a
> true general solution; otherwise you end up like the author of
> calibre, with a security mess on his hands:
>
> https://bugs.launchpad.net/calibre/+bug/885027

To expand on what Neil said...
* my configuration does not use suid. It passes a parameter to a script
  that runs under sudo
* pmount and pumount are abbreviations for "policy mount" and "policy
  umount". It has its own security policy, namely that it will only
  mount/unmount devices in /media

--
Walter Dnes <waltdnes@××××××××.org>
I don't run "desktop environments"; I run useful applications