Author: Isaac Dunham
Date:  
To: dng
Subject: Re: [DNG] automount, mount, and USB sticks
On Thu, Jul 30, 2015 at 12:40:33AM +0200, Didier Kryn wrote:
>     I don't understand the preventions against sudo. It is just up to the
> administrator to take care, like for everything.

>
>     Whether execution of the command is allowed by sudo, by a setuid bit or
> by policykit does not change the result. Sudo is simply the most versatile
> method to allow/disallow actions, IMHO far easier to configure than
> policykit. Don't forget that allowed commands may (should) be specified with
> their absolute path, therefore bypassing PATH. It is better than having a
> specialized daemon for this and that, because it keeps everything configured
> in one well known file.

>
>     In the case of mounting usb sticks, this applies to a personal computer,
> where the owner is also the administrator. For conveniency, a limited list
> of actions may be allowed without password, like mounting a usb key.



I'm not sure where in the discussion this fits, but I thought I'd mention
it here:
Permitting all mount invocations via sudo does have a potential security
hole if your mount implementation supports FUSE, as you can run an arbitrary
command by specifying the mount type.
I don't think that sudo does the necessary steps to block this.

If you use a wrapper script, you can make it automatically determine the
type and run ntfs-3g if appropriate, then allow sudo to run that.
If you use a C wrapper, you can do that and make it suid.

HTH,
Isaac Dunham
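
A sketch of the wrapper-script approach described in the message above, as an added example that is not part of the original post or any project's code. The script name, the sudoers path, the `/media/usb` mountpoint root and the device-name pattern are assumptions; it relies on `blkid`, `mount -i` (util-linux) and `ntfs-3g` being installed.

```shell
#!/bin/sh
# usbmount-wrapper (hypothetical name). The caller passes a device node only;
# filesystem type, options and mountpoint are decided here, never by the caller.
# Assumed sudoers entry (path is an assumption):
#   user ALL=(root) NOPASSWD: /usr/local/sbin/usbmount-wrapper

PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH   # do not trust inherited PATH
MNT_BASE=/media/usb          # assumed mountpoint root
OPTS=nosuid,nodev,noexec     # fixed mount options

# Accept only names shaped like /dev/sdb1; the whole string must match,
# so extra words such as "-t something" are rejected.
valid_device() {
    case "$1" in
        /dev/sd[a-z][0-9]|/dev/sd[a-z][0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Map the detected type to a fixed command line. Anything not listed
# (every fuse.* type included) is refused. "mount -i" tells mount not to
# run a /sbin/mount.<type> helper; ntfs-3g is called directly.
mount_cmd() {   # $1=fstype  $2=device  $3=mountpoint
    case "$1" in
        vfat|ext2|ext3|ext4) echo "mount -i -t $1 -o $OPTS $2 $3" ;;
        ntfs)                echo "ntfs-3g -o $OPTS $2 $3" ;;
        *)                   return 1 ;;
    esac
}

main() {
    [ "$#" -eq 1 ] || { echo "usage: $0 /dev/sdXN" >&2; exit 2; }
    { valid_device "$1" && [ -b "$1" ]; } ||
        { echo "refusing device: $1" >&2; exit 1; }
    fstype=$(blkid -o value -s TYPE "$1") || exit 1
    mnt=$MNT_BASE/${1##*/}
    cmd=$(mount_cmd "$fstype" "$1" "$mnt") ||
        { echo "refusing filesystem type: $fstype" >&2; exit 1; }
    mkdir -p "$mnt" || exit 1
    # Word splitting is intended: every word in $cmd is fixed or validated above.
    exec $cmd
}

# Run only when given arguments, so the functions can also be sourced.
[ "$#" -eq 0 ] || main "$@"
```

The device pattern does not distinguish a USB stick from an internal disk, so a real deployment would narrow it further for the machine in question.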