Fedora 12 and unprivileged package installation
Posted Nov 22, 2009 18:05 UTC (Sun) by nhippi
In reply to: Fedora 12 and unprivileged package installation
Parent article: Fedora 12 and unprivileged package installation
Then I can mount any file system I like on that drive with or without my admin's approval. If he believed that by plugging in a USB drive that contains important files and by formatting the volume Ext3 and setting up file system permissions he could keep me from reading or writing to certain files then he would be sorely mistaken.
If a admin believes ext3 makes files on usb stick safe the admin is not mistaken, the admin is stupid.
Then again, it is known for at least last 10 years that granting hardware access by the traditional UNIX user:group setup just doesn't correlate with reality. Observe the historic discussion with /dev/dsp permissions. previously we had two choices:
1) add a user to "audio" group.
..means the user can remotely eavesdrop local users.
2) grant user access (by temporarily adding to audio group or by chowning it to the user) to /dev/dsp when logging into console and remove the permissions when logging out
..means the user can open /dev/dsp when visiting console, and leave a daemon reading it and remotely eavesdrop local users.
same applies to floppies, usbsticks etc. Hopefully policykit etc will deal with it eventually.
to post comments)