On Fri, Mar 03, 2006 at 10:47:56AM -0300, Henrique de Moraes Holschuh wrote:
> Not in my servers, it doesn't.  And I should add, not even in my desktops:
> all removable filesystems are mounted nodev, nosuid.
>
> Mounting malicious filesystems automatically (vfat can't be one AFAIK, but
> it won't bork if you tell it to be nosuid, nodev either) is never a feature,
> it is a security hole.

Well, a filesystem can be malicious whether it's mounted nosuid or not. Consider the case of a crafted directory structure that tickles a kernel bug, for example. There's no question that making things easier for desktop users adds risks; the question is where to strike the balance.

--
Michael Stone

