[ale] user using mount

Michael B. Trausch fd0man at gmail.com
Sun May 28 12:38:15 EDT 2006


On Sun, May 28 2006 09:30, David Corbin wrote:
>
> Right.  So an attempt to mount THAT device should fail.  But I can't seem
> to run an arbitrary mount command for an NFS volume as 'dumb user'.
>

There is a bigger reason for not permitting a user to mount things 
arbitrarily.  It is a great deal easier -- and more secure -- to whitelist 
permitted behavior, instead of blacklisting prohibited behavior.  Consider 
the implications of a user mounting an NFS volume on the /home mount point, 
or /home/dumbuser, or whatever.

Now, you could argue that certain mountpoints should be protected, but then 
how are you going to determine what mountpoints are protected?  Do you 
protect everything that is listed in /etc/fstab?  If you do, you still have 
a flaw -- a user can mount something anywhere not listed in /etc/fstab.  If 
the only thing listed is "/", then you have a bit of a problem, because 
somebody could mount something on /usr, /usr/local, /home, 
/home/someuser, /home/someuser/bin, or 
something else that could inject a trojan horse on a system.  This is, of 
course, a problem on both end-user systems and business systems.  
Therefore, it is generally safer to just whitelist certain behaviors with 
the elements of the system that exist -- using /etc/fstab to permit users 
to mount something, or to use sudo if that is more convenient.

That way, you are not only protecting the user from themselves, you are 
protecting them from rogue programmers, as well.

It is kind of like letting a user use 'sudo' across the entire system 
without a password -- not only can the user then do anything on the system, 
but any program running as that user can, as well.  And there, you see, is 
one of the fundamental flaws of the way most Windows boxes are set up 
today -- everybody has admin privilege by default.

	HTH,
	Mike
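
The contrast drawn in the message above, as an added example that is not part of the original post: a "protect what is listed in /etc/fstab" blacklist next to the fstab whitelist that mount(8) applies through the user, users, owner and group options. The fstab contents, host names and function names are constructed for illustration, and paths are only normalized textually (symlinks are not resolved).

```python
import posixpath

# Constructed sample fstab for illustration; hosts and devices are made up.
SAMPLE_FSTAB = """\
# device                mountpoint    type     options                 dump pass
/dev/sda1               /             ext3     defaults                0 1
/dev/cdrom              /media/cdrom  iso9660  ro,user,noauto          0 0
fileserver:/export/pub  /mnt/pub      nfs      ro,users,noauto,nosuid  0 0
"""

# mount(8) options that let a non-root user mount an fstab entry.
USER_MOUNT_OPTS = {"user", "users", "owner", "group"}

def parse_fstab(text):
    """Return a list of (device, mountpoint, options) from fstab text."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue  # skip comments, blank lines and malformed lines
        mountpoint = posixpath.normpath(fields[1])
        entries.append((fields[0], mountpoint, set(fields[3].split(","))))
    return entries

def blacklist_allows(entries, device, mountpoint):
    """Flawed policy: refuse only mount points that fstab already lists."""
    protected = {mp for _, mp, _ in entries}
    return posixpath.normpath(mountpoint) not in protected

def whitelist_allows(entries, device, mountpoint):
    """Permit only an exact fstab (device, mountpoint) pair marked user-mountable."""
    target = posixpath.normpath(mountpoint)
    return any(dev == device and mp == target and opts & USER_MOUNT_OPTS
               for dev, mp, opts in entries)

def compare(requests, fstab_text=SAMPLE_FSTAB):
    """Map each (device, mountpoint) request to (blacklist, whitelist) verdicts."""
    entries = parse_fstab(fstab_text)
    return {req: (blacklist_allows(entries, *req), whitelist_allows(entries, *req))
            for req in requests}

if __name__ == "__main__":
    demo = [("otherhost:/export", "/home/dumbuser"),
            ("otherhost:/export", "/usr/local"),
            ("fileserver:/export/pub", "/mnt/pub")]
    for req, (bl, wl) in compare(demo).items():
        print(f"{req[0]} on {req[1]}: blacklist={bl} whitelist={wl}")
```

The blacklist lets an unlisted export land on /home/dumbuser or /usr/local, while the whitelist accepts only the two pairs the administrator marked in fstab.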