Author: Stephanie Daugherty
CC: dng
Subject: Re: [DNG] gvfs depends on libsystemd0
On Mon, Apr 10, 2017 at 11:28 PM, marc <marcxdv@???> wrote:

> > You still should use sudo, with a password - the user's own password.
> > Using root password many times, every day, is bad for security (the more
> > times you type it the higher the chances are it will be captured) and it
> > instills the desire of an easy to remember and fast to type password.
As an aside here, avoid using sudo to allow untrusted or minimally trusted
users to mount filesystems. There is a "user" option as well as an "owner"
option in /etc/fstab, and default installations of /bin/mount are setuid
root, allowing them to mount filesystems configured to be user-accessible
according to administrator-determined settings without su or sudo.

While this probably isn't completely secure, the attack surface is much
smaller and it's much more secure than most mere mortals will be able to
achieve with sudo, as correctly configuring sudo to limit the range of
possible inputs is difficult to understand and prone to human error, where
mount is instead rigidly limited to the approved mountpoints, devices,
filesystem types, and options by design. Making a filesystem user mountable
via fstab even implies noexec, nosuid, and nodev!

There are still the potential security issues of a buggy /bin/mount
executable and a buggy filesystem, but this approach at least eliminates a
wide range of creative ways through which /bin/mount or the shell could be
tricked into running a second executable with root permissions via sudo.
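An added example, not part of the thread: a POSIX sh audit of an fstab's user-mountable entries that applies the mount(8) rule the post alludes to (user/users imply noexec,nosuid,nodev; owner implies nosuid,nodev; a later exec, suid or dev option re-enables that protection). The fstab lines are constructed for the demo; the function and variable names are the example's own.

```shell
#!/bin/sh
# Audit which fstab entries ordinary users may mount, and whether the
# protections implied by user/users/owner were re-enabled by a later option.
# Rule (mount(8)): user/users imply noexec,nosuid,nodev; owner implies
# nosuid,nodev; exec/suid/dev appearing later override the implied value.

# effective_flags OPTIONS -> "exec|noexec suid|nosuid dev|nodev" plus a
# trailing " WEAKENED" if an implied protection ended up overridden, or
# "not-user-mountable" when no user/users/owner option is present.
effective_flags() {
    ex=exec su=suid dv=dev um=no impl_noexec=no
    oldifs=$IFS; IFS=,
    for opt in $1; do
        case $opt in
            user|users) um=yes; impl_noexec=yes; ex=noexec; su=nosuid; dv=nodev ;;
            owner)      um=yes; su=nosuid; dv=nodev ;;
            noexec)     ex=noexec ;;  exec) ex=exec ;;
            nosuid)     su=nosuid ;;  suid) su=suid ;;
            nodev)      dv=nodev ;;   dev)  dv=dev ;;
        esac
    done
    IFS=$oldifs
    if [ "$um" != yes ]; then echo not-user-mountable; return 0; fi
    weak=no
    if [ "$su" = suid ] || [ "$dv" = dev ]; then weak=yes; fi
    if [ "$impl_noexec" = yes ] && [ "$ex" = exec ]; then weak=yes; fi
    if [ "$weak" = yes ]; then echo "$ex $su $dv WEAKENED"; else echo "$ex $su $dv"; fi
}

# audit_fstab < fstab-text -> one "<mountpoint> <effective flags>" line per
# user-mountable entry; comments, blank lines and root-only entries are skipped.
audit_fstab() {
    while read -r dev mnt fstype opts rest; do
        case $dev in ''|\#*) continue ;; esac
        flags=$(effective_flags "$opts")
        if [ "$flags" = not-user-mountable ]; then continue; fi
        echo "$mnt $flags"
    done
}

# Constructed sample fstab for the demo (not any real system's /etc/fstab).
SAMPLE_FSTAB='# constructed sample
/dev/sda1  /             ext4     defaults          0 1
/dev/sdb1  /media/usb    vfat     user,noauto       0 0
/dev/sdc1  /media/bad    ext4     user,exec,noauto  0 0
/dev/sr0   /media/cdrom  iso9660  owner,ro,noauto   0 0'

printf '%s\n' "$SAMPLE_FSTAB" | audit_fstab
```

Run it against a real file with `audit_fstab < /etc/fstab`; any line ending in WEAKENED is an entry where an unprivileged mount no longer gets the defaults the post relies on.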