[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: at-boot smbmount security.
On Mon, Aug 13, 2001, Oleg Goldshmidt wrote about "Re: at-boot smbmount security.":
> "Nadav Har'El" <nyh@math.technion.ac.il> writes:
>
> > Well, one obvious solution is to have /etc/fstab readable only for
> > root.
>
> I should have mentioned that this was the first thing I tried, but
> then I started seeing various popups (logged as a user in KDE-2.1.1)
> complaining that fstabs could not be read. What exactly caused the
> complaints, I don't know, and frankly, I did not try to investigate
My /etc/fstab has always been root-only readable, and I never saw any
problem. This should cause no problem: I can even do "mount /mnt/cdrom" as
non-root (note that mount is normally installed setuid-root and does its
own permission checking). The "mount", "df", and all similar commands work
for non-root.
Of course, if some silly KDE application thinks it is allowed to read
/etc/fstab, then you should track it down and file a bug report. Non-superuser
applications should not be allowed to meddle with /etc/fstab, since they
don't have the power to change them anyway; The most they should do is care
is about currently mounted filesystems: and for that /proc/mounts and
/etc/mtab are available (both are world-readable on my system, and do not
contain the passwords).
Anyway, not using KDE (or any other fancy-schmancy "desktop") I never
noticed such errors.
--
Nadav Har'El | Monday, Aug 13 2001, 24 Av 5761
nyh@math.technion.ac.il |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |You have the right to remain silent.
http://nadav.harel.org.il |Anything you say will be used against you.
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il