[arch-general] netcfg wlan connection renewal
Tavian Barnes
tavianator at tavianator.com
Thu Sep 29 10:46:13 EDT 2011
On 29 September 2011 06:55, Tom Gundersen <teg at jklm.no> wrote:
> On Thu, Sep 29, 2011 at 12:36 PM, Fons Adriaensen <fons at linuxaudio.org> wrote:
>> On Thu, Sep 29, 2011 at 11:51:53AM +0200, Tom Gundersen wrote:
>>
>>> What you are seeing is udisks [0]. The policy that is implemented, if
>>> I understand correctly, is that udisks allows a user who is physically
>>> at the machine to mount the usb drive, but not remote users.
>>>
>>> This makes sense for two reasons:
>>>
>>> * A user who is physically present could just grab the usb stick and
>>> insert it in a laptop where he/she has whatever permissions necessary
>>> to do whatever they want, so no security is lost.
>>
>> This makes no sense. I don't mind if they use their own sticks
>> on their own laptop. I do if they use it one this particular
>> machine.
>
> This is surely a very uncommon scenario. It is easily solved by
> tweaking the PK policies though (which should be expected if you want
> to do something non-standard).
Well if I have an ext4 flash drive with a SUID bash on it, it's game
over if I can mount it. Luckily udisks will mount it "nosuid,nodev"
among other things, so it doesn't matter. And of course, if I have
physical access, I can also steal the hard drive.
--
Tavian Barnes
More information about the arch-general
mailing list