On Thu, 2006-01-19 at 21:08 +0200, Efraim Yawitz wrote: > > On Thu, 19 Jan 2006, Gilboa Davara wrote: > > > > > Umm.... mounting loop device is limited to root for a good reason. > > Once a user had loop mount capability, it's much easier for him to mount > > a modified FS where all the sbin utilities are suided... > > > > A secure system gives users *very* limited mount capabilities. > > > The idea was to loop-mount a fs on my own computer as root, modify it there > and then burn it onto a CD which could be mounted on another machine. The > other posters pointed out that this is theoretically possible, but the > safeguard of allowing mounting only with -nodev by users prevents the problem. > > Ephraim >
In this case adding nodev and nosuid to the fstab line is in order. Gilboa ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
