Menu
▾
▴
Re: fdisk links to mount...
|
From: Jamie C. <jca...@we...> - 2002-06-25 00:47:23
|
jam...@te... wrote: > Hi All, > > My general philosophy on security is that unless a user has access to > something, they should not even > be given a direct opportunity by which they may be tempted to break a > security policy. For instance if > a user is not allowed within a certain module of a program then no where > should that user be given a > link to that module. In the fdisk module this is not the case as whether > or not the user has access to the > mount there are links over the mount points in the fdisk module pointing to > the mount command. If they > clikc there it will stop them and say access denied, but really I don't > think they should be given the opportunity > to click. > > Anyway I have attached a patch wich I think achieves this (if they don't > have access they do not get > a link). I tried to figure out what was the right way to figure out if a > user was able to access a foreign module, > but maybe I overlooked something. Anyway here its: Sounds like a good fix - I will put it in the next release. I suspect that someone with access to the fdisk module could find a way to become root and subvert all your security restrictions though :) - Jamie |
