On July 29, 2015 7:17:23 PM GMT+02:00, Steve Litt <sl...@troubleshooters.com> wrote:
>On Wed, 29 Jul 2015 17:07:32 +0200
>tilt! <t...@linuxfoo.de> wrote:
>
>
>> I am certain there is a way of solving this "automounting
>> problem" (if I may call it that) cleanly, without the use
>> of either of them. :-)
>
>Yes, a daemon running as root could do it. And if the daemon does
>nothing but observe inotify and dmesg, perhaps check a fifo for devices
>to be mounted/unmounted (with complete cleansing of that fifo's
>information) and perform a mount command, I imagine we could get a
>handle on security.

*very* interesting thread

sorry for stating the obvious
I guess that's why you are all here

IMHO the bigger barrier to this is not having a string parsing code (or basic grammar) that is security oriented, I mean hardened to run as root and handle corner cases

I mean: what would you suggest using for the "check a FIFO" bit you mention? pcre? perhaps very clean simple code?
most code out there has too many features and is too ambitious to fulfill such a simple task

said that: yes, I do watch my process list and think that smaller is better. I think I speak for most people here when I say we dislike the quantity of undocumented daemons running on gnu/Linux desktop nowadays and I hope we can trim that down with Devuan

how I do it now? hardcode every single binary that sudo is allowed to execute, full path and locations that are only root writable. that's a sudoers feature...

ciao
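
Added example, not part of the original message or of any Devuan code: one way to do the "check a FIFO" step without pcre, as a fixed-grammar validator in C that rejects everything it does not recognise. The request format (mount/umount plus an sdXN device name) and the names parse_fifo_request and struct fifo_req are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical request grammar (an assumption, not from the thread):
 *   request := ("mount" | "umount") " " device "\n"
 *   device  := "sd" [a-z] [0-9]{0,2}        e.g. sdb1
 * Anything else is rejected; nothing from the FIFO reaches a shell. */
enum fifo_op { OP_MOUNT, OP_UMOUNT };

struct fifo_req {
    enum fifo_op op;
    char dev[8];              /* "sd" + letter + up to 2 digits + NUL */
};

#define REQ_MAX 16            /* longest valid line, "umount sdb12\n", is 13 */

/* Returns 0 and fills *out on a valid line, -1 on anything else
 * (*out is only meaningful when 0 is returned).
 * buf need not be NUL-terminated; len is the byte count read. */
int parse_fifo_request(const char *buf, size_t len, struct fifo_req *out)
{
    size_t i, n;

    if (len == 0 || len > REQ_MAX || buf[len - 1] != '\n')
        return -1;            /* empty, oversized or unterminated */
    len--;                    /* drop the newline */

    if (len > 6 && memcmp(buf, "mount ", 6) == 0) {
        out->op = OP_MOUNT;  buf += 6; len -= 6;
    } else if (len > 7 && memcmp(buf, "umount ", 7) == 0) {
        out->op = OP_UMOUNT; buf += 7; len -= 7;
    } else {
        return -1;            /* unknown verb, wrong case, no argument */
    }

    /* device: exactly "sd", one lowercase letter, then 0-2 digits */
    if (len < 3 || len > 5 || buf[0] != 's' || buf[1] != 'd' ||
        buf[2] < 'a' || buf[2] > 'z')
        return -1;
    for (i = 3; i < len; i++)
        if (buf[i] < '0' || buf[i] > '9')
            return -1;        /* rejects '/', ';', NUL, spaces, UTF-8 */

    for (n = 0; n < len; n++)
        out->dev[n] = buf[n];
    out->dev[len] = '\0';
    return 0;
}
```

The validated name is meant to be appended to a fixed /dev/ prefix and handed to mount(2) or an execv argument vector, so no byte read from the FIFO is ever interpreted by a shell.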