Author: Jaromil Date: To: dng Subject: Re: [DNG] automount, mount, and USB sticks
On July 29, 2015 7:17:23 PM GMT+02:00, Steve Litt <slitt@???> wrote:
>On Wed, 29 Jul 2015 17:07:32 +0200
>tilt! <tilt@???> wrote:
>
>
>> I am certain there is a way of solving this "automounting
>> problem" (if I may call it that) cleanly, without the use
>> of either of them. :-)
>
>Yes, a daemon running as root could do it. And if the daemon does
>nothing but observe inotify and dmesg, perhaps check a fifo for devices
>to be mounted/unmounted (with complete cleansing of that fifo's
>information) and perform a mount command, I imagine we could get a
>handle on security.

*very* interesting thread
sorry for stating the obvious, I guess that's why you are all here
IMHO the bigger barrier to this is not having
a string parsing code (or basic grammar)
that is security oriented, I mean hardened
to run as root and handle corner cases
I mean: what would you suggest using for the
"check a FIFO" bit you mention?
pcre? perhaps very clean simple code?
most code out there has too many features
and is too ambitious to fulfill such a simple task
said that: yes, I do watch my process list
and think that smaller is better.
I think I speak for most people here when I say we dislike
the quantity of undocumented daemons running
on a gnu/Linux desktop nowadays and
I hope we can trim that down with Devuan
how I do it now? hardcode every single binary
that sudo is allowed to execute, full path
and locations that are only root writable.
that's a sudoers feature...
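
An added example, not part of the original message or of any Devuan code: one way the "check a FIFO" parsing could be done without pcre, as a fixed-grammar validator that a root daemon would call on each line read from the FIFO. The request grammar, the `sd[a-z]` device naming and all identifiers (`parse_request`, `REQ_MAX`, `enum req_op`) are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical request grammar (an assumption, not from the thread):
 *   request := ("mount" | "umount") " " device "\n"
 *   device  := "sd" [a-z] [1-9] [0-9]?      e.g. sdb1, sdc12
 */
enum req_op { REQ_INVALID = 0, REQ_MOUNT, REQ_UMOUNT };

#define REQ_MAX 16  /* longest valid line, "umount sdz99\n", is 13 bytes */

/* Validate one FIFO record of exactly `len` bytes (not NUL-terminated).
 * On success, copy the device name into dev (6 bytes) and return the op.
 * Anything that does not match the grammar byte for byte is rejected. */
enum req_op parse_request(const char *buf, size_t len, char dev[6])
{
    enum req_op op;
    size_t i, n;

    if (buf == NULL || dev == NULL || len == 0 || len > REQ_MAX)
        return REQ_INVALID;
    if (buf[len - 1] != '\n' || memchr(buf, '\0', len) != NULL)
        return REQ_INVALID;             /* unterminated or embedded NUL */
    len--;                              /* drop the trailing newline */

    if (len > 6 && memcmp(buf, "mount ", 6) == 0)       { op = REQ_MOUNT;  i = 6; }
    else if (len > 7 && memcmp(buf, "umount ", 7) == 0) { op = REQ_UMOUNT; i = 7; }
    else return REQ_INVALID;

    n = len - i;                        /* device name must be 4 or 5 bytes */
    if (n < 4 || n > 5)
        return REQ_INVALID;
    if (buf[i] != 's' || buf[i + 1] != 'd')
        return REQ_INVALID;
    if (buf[i + 2] < 'a' || buf[i + 2] > 'z')
        return REQ_INVALID;
    if (buf[i + 3] < '1' || buf[i + 3] > '9')
        return REQ_INVALID;
    if (n == 5 && (buf[i + 4] < '0' || buf[i + 4] > '9'))
        return REQ_INVALID;

    memcpy(dev, buf + i, n);            /* n <= 5, so dev[6] cannot overflow */
    dev[n] = '\0';
    return op;
}
```

Because the accepted set is a closed whitelist, the validated name contains no `/`, `.`, whitespace or shell metacharacters, so it can be appended to `/dev/` and handed to mount(2) directly without going through a shell.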