On Thu, Sep 13, 2012 at 09:19:19AM -0500, Canek Peláez Valdés wrote
> On Thu, Sep 13, 2012 at 1:50 AM, Walter Dnes <[email protected]> wrote:

> >   A normal user can pumount *WHAT THAT SAME USER* has pmounted.  Now try
> > for a general solution.
> 
> The general solution is using something like udisks+polkit. That is a
> true general solution; otherwise you end up like the author of
> calibre, with a security mess on his hands:
> 
> https://bugs.launchpad.net/calibre/+bug/885027

  To expand on what Neil said...
* my configuration does not use suid.  It passes a parameter to a script
  that runs under sudo
* pmount and pumount are abbreviations for "policy mount" and "policy
  umount".  It has its own security policy, namely that it will only
  mount/unmount devices in /media

-- 
Walter Dnes <[email protected]>
I don't run "desktop environments"; I run useful applications
