| 1 |
On Thu, Sep 13, 2012 at 09:19:19AM -0500, Canek Pel??ez Vald??s wrote |
| 2 |
> On Thu, Sep 13, 2012 at 1:50 AM, Walter Dnes <waltdnes@××××××××.org> wrote: |
| 3 |
|
| 4 |
> > A normal user can pumount *WHAT THAT SAME USER* has pmounted. Now try |
| 5 |
> > for a general solution. |
| 6 |
> |
| 7 |
> The general solution is using something like udisks+polkit. That is a |
| 8 |
> true general solution; otherwise you end up like the author of |
| 9 |
> calibre, with a security mess on his hands: |
| 10 |
> |
| 11 |
> https://bugs.launchpad.net/calibre/+bug/885027 |
| 12 |
|
| 13 |
To expand on what Neil said... |
| 14 |
* my configuration does not use suid. It passes a parameter to a script |
| 15 |
that runs under sudo |
| 16 |
* pmount and pumount are abreviations for "policy mount" and "policy |
| 17 |
umount". It has its own security policy, namely that it will only |
| 18 |
mount/unmount devices in /media |
| 19 |
|
| 20 |
-- |
| 21 |
Walter Dnes <waltdnes@××××××××.org> |
| 22 |
I don't run "desktop environments"; I run useful applications |
Archives