Stef Bon wrote: > So good news! With this extra field indicating the user which is > activating the mount, it is possible > to do an extra security check. An mount on behalf of an user can only be > activated by himself. And everybody > can do a guest mount. > Hi Stef,
this is very good! The automounter is a very powerfull tool, and this power can be abused. It does not check who's activating the mount, and I can imagine that this "anybody can mount situation" is very insecure. The automounter - running under the account root - can do anything. Check credentials for example which are normally hidden to the user activating the mount, and perform a mount with these credentials. So a check on the userid and only performing the action this user is allowed to is a good idea! I will check this out. Stef _______________________________________________ autofs mailing list [email protected] http://linux.kernel.org/mailman/listinfo/autofs
