On 2020-05-14 at 06:43, Albretch Mueller wrote:

> On 5/12/20, Eric S Fraga <e.fr...@ucl.ac.uk> wrote:
>
>> If pmount is installed/available, 'pmount sdc1' will mount the disk
>> onto /media/sdc1.
>
> I don't think pmount is installed, but I will check anyway. My
> options seem hopeless.
>
> I can't even understand why they would mount a drive as root. Isn't
> that more problematic from a security point of view?

Depends on what you consider the alternative to be.

To start out with, in order to mount a drive at all, you have to have sufficient permissions on the device node which represents the disk. If an ordinary user had those permissions, then that user could read the contents of the disk without mounting it (thereby bypassing file-level security on any files on that disk), and/or write directly to the disk (thereby trashing the disk contents, or - with additional sophistication - replacing them with other, potentially malicious, data).

Beyond that, since a mount can be done to any directory path, consider the security implications if a random user could mount an arbitrary device (or file) over, say, /etc or /usr or ~/.config/ or some other important path. Even if done by accident with a harmless filesystem, something like that could be catastrophic, or at least lead to denial of service because of missing critical files; if done intentionally with a malicious filesystem, you could see sensitive data getting written to the mounted device and thereby leaked, or externally-supplied malicious programs getting run as privileged users.

Requiring that a given mount-path/device-node pair be listed in /etc/fstab before a non-root user can explicitly mount it avoids both of those problems, at the cost of limiting the mount flexibility of everyone who can't write to that file.

Various other tools (including pmount and udisks) have since been created to mitigate that limitation, and for good reason, but some people still prefer to stick with the /etc/fstab listing as a mount-security design.

(Note that I'm partly extrapolating from observation, rather than speaking from certain knowledge, but I'm mostly confident that this is an accurate description.)

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw
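Added example, not part of the original message: a small audit of the /etc/fstab design described above, listing which entries a non-root user may mount and flagging those that undo the implied restrictions or target an important path. The sample fstab is constructed, and the SENSITIVE path list and the name audit_fstab are assumptions made for illustration.

```python
# Added example: audit which fstab entries a non-root user may mount.
# Constructed sample input; devices and mount points are illustrative.
SAMPLE_FSTAB = """\
# <device>      <mount point> <type> <options>              <dump> <pass>
UUID=0000-AAAA  /             ext4   errors=remount-ro      0 1
/dev/sdc1       /media/sdc1   vfat   noauto,user            0 0
/dev/sdd1       /media/sdd1   ext4   noauto,users,exec,suid 0 0
/dev/sde1       /etc          ext4   noauto,owner           0 0
/dev/sdf1       /mnt/backup   ext4   noauto,user,nouser     0 0
"""

# fstab options that let a non-root user mount, with the restrictions
# mount(8) documents each one as implying.
USER_OPTS = {
    "user": {"noexec", "nosuid", "nodev"},
    "users": {"noexec", "nosuid", "nodev"},
    "owner": {"nosuid", "nodev"},
    "group": {"nosuid", "nodev"},
}
# Assumption: paths treated as too important to be a user-mountable target.
SENSITIVE = ("/etc", "/usr", "/boot", "/root", "/home")


def audit_fstab(text):
    """Return (device, mountpoint, granting_option, issues) per user-mountable entry."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue  # blank line, comment, or malformed entry
        device, mountpoint, options = fields[0], fields[1], fields[3]
        grant, flags = None, set()
        for opt in options.split(","):  # later options override earlier ones
            if opt in USER_OPTS:
                grant, flags = opt, flags | USER_OPTS[opt]
            elif opt == "nouser":
                grant = None
            elif opt in ("exec", "suid", "dev"):
                flags.discard("no" + opt)
            elif opt in ("noexec", "nosuid", "nodev"):
                flags.add(opt)
        if grant is None:
            continue  # only root can mount this entry
        issues = [f"{f} not in effect" for f in ("nosuid", "nodev") if f not in flags]
        if any(mountpoint == p or mountpoint.startswith(p + "/") for p in SENSITIVE):
            issues.append("mount point shadows a sensitive path")
        findings.append((device, mountpoint, grant, issues))
    return findings


if __name__ == "__main__":
    for finding in audit_fstab(SAMPLE_FSTAB):
        print(finding)
```

To check a real system, pass the contents of /etc/fstab to audit_fstab() in place of the sample.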