Bug#812153: [Pkg-utopia-maintainers] Bug#812153: Bug#812153: Bug#812153: Bug#812153: policykit-1: allows ordinary users to mount filesystems

On Thu, 2016-01-21 at 14:48 +0100, Michael Biebl wrote: > With the default policy we ship in Debian, the following conditions > need > to be met, that a non-admin user can mount/umount > > - The user needs to be local and active, e.g. a user logged in via > SSH > can *not* arbitrarly mount/umount

Bug#812153: [Pkg-utopia-maintainers] Bug#812153: Bug#812153: Bug#812153: Bug#812153: policykit-1: allows ordinary users to mount filesystems

Am 21.01.2016 um 04:53 schrieb Christoph Anton Mitterer: > though. E.g. I wouldn't want to have everyone-may-access-everything Since Christoph Anton Mitterer keeps repeating that, I want to make sure that everyone else reading this bug report is aware that this is *not* true. With the default pol

Bug#812153: [Pkg-utopia-maintainers] Bug#812153: Bug#812153: Bug#812153: policykit-1: allows ordinary users to mount filesystems

On Thu, 2016-01-21 at 04:32 +0100, Michael Biebl wrote: > Right, since we had removable media 30 years ago. No but mounting filesystems. > In such a very specialised situation you can easily lock down the > configuration. For such a setup you will most likely need custom > configuration anyway to

Bug#812153: [Pkg-utopia-maintainers] Bug#812153: Bug#812153: Bug#812153: policykit-1: allows ordinary users to mount filesystems

Am 21.01.2016 um 04:18 schrieb Christoph Anton Mitterer: > On Thu, 2016-01-21 at 04:13 +0100, Michael Biebl wrote: >> This behaviour has been since 2000 or so, since at least the >> introduction of hal and pmount. > > Then one has still some 30 years before where it has been different... Right, s

Bug#812153: [Pkg-utopia-maintainers] Bug#812153: Bug#812153: policykit-1: allows ordinary users to mount filesystems

On Thu, 2016-01-21 at 04:13 +0100, Michael Biebl wrote: > This behaviour has been since 2000 or so, since at least the > introduction of hal and pmount. Then one has still some 30 years before where it has been different... > You don't gain anything security wise by not allowing removable media

Processed: Re: [Pkg-utopia-maintainers] Bug#812153: policykit-1: allows ordinary users to mount filesystems

Processing control commands: > reopen -1 Bug #812153 {Done: Michael Biebl } [policykit-1] policykit-1: allows ordinary users to mount filesystems Bug reopened Ignoring request to alter fixed versions of bug #812153 to the same values previously set > reassign -1 udisks2 Bug #812153 [policykit-1]

Bug#812153: [Pkg-utopia-maintainers] Bug#812153: policykit-1: allows ordinary users to mount filesystems

Control: reopen -1 Control: reassign -1 udisks2 On Thu, 2016-01-21 at 03:39 +0100, Michael Biebl wrote: > Policykit is the wrong package. What you look for is udisks, most > likely. I went through /usr/share/polkit- 1/actions/org.freedesktop.udisks2.policy but all settings there seem to be auth_ad

Bug#812153: policykit-1: allows ordinary users to mount filesystems

Package: policykit-1 Version: 0.105-14.1 Severity: grave Tags: security Hi. Apparently polkit (or at least I guess it's ultimately the offender here, if not please reassign accordingly) allows ordinary users to mount any filesystem per default. E.g. such connected via USB, or set up via losetup.