On Tuesday 11 May 2004 05:54, Ben Stringer wrote:
> It may be his memstick, but when it is mounted, it becomes one of the
> filesystems available to the operating system. If a user decided they
> wanted their memory stick to mount somewhere under "/etc", they could
> simply subvert system security, controls or existing configuration. This
> is why a mount should require system authorisation. This is fundamental
> security and trading it off for convenience is just that - a trade-off.
> It is your decision - just be sure you are aware of what you sacrifice
> for the convenience.

So then why should I as a user not be allowed to mount under my home directory? This is something that SELinux will help with, I think. I can then set a policy to allow me to mount a filesystem under my home (but not anywhere else!). Is this not the solution?

Likewise, for CD burning it is necessary to be very careful. CD and DVD burning require very low-level access to the drive; low enough a level to be able to flash the drive's firmware, even. Well, the current k3b setup with FC2 does not require root access. I simply burn the CD/DVD just as in Windows from my ordinary user.

Changing network settings is another place, but even under Windows XP you are limited as a normal user in what you can do in networking. But there are some things that you CAN do, like setting up a dialup networking connection. I should not have to have the root password to set up a personal DUN/PPP connection, and the config files for my personal connection should not reside in /etc/sysconfig. There are things that should belong to the individual users, and not to the system. WinXP allows you to specify that for DUN connections: make it available to all users on the machine or keep it private. I'd LOVE to see user-private PPP connections for my kids' PC, so that my wife can connect without needing a password, for instance, but my kids cannot, and they can even use different connection profiles, etc.

But at the same time I as a multiuser sysadmin (or even in administering laptops) should be able to configure to disallow those sorts of things: I might need to require my laptop users (who are using company equipment) to use OUR dialup, and disallow any changes. Something like Windows Policy Editor allows for that; SELinux should be able to handle all that easily, if the policies are set up properly.

It is a fine line between things that belong to the system (and require root) and things that belong to the user. The statement being made, as I understand it, is that more needs to belong to the user and less to the system, where that does not compromise system-level security. But, at the same time, there are users whose systems DO NOT NEED what I would consider minimal security. The example given is one of those situations.

So, I'd like to see a 'Power User' setting available for SELinux that would allow many things that would not compromise network-connected security to be done by ordinary users, like mounting a filesystem under their home (given that they have permissions to mount that filesystem; you don't want remounts of / or /boot, for instance).
--
Lamar Owen
Director of Information Technology
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC 28772
(828)862-5554
www.pari.edu
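As an added illustration of the rule debated above (user mounts allowed only below the user's own home, never at / or /boot, and never able to introduce setuid binaries or device nodes), here is a hypothetical POSIX shell check; it is example code written for this thread, not part of SELinux, k3b, FC2 or any distribution's mount tooling, and the function name `user_mount_allowed` and its arguments are assumptions.

```shell
#!/bin/sh
# Hypothetical policy check (added example): may a non-root user mount at
# TARGET_DIR?  Usage: user_mount_allowed HOME_DIR TARGET_DIR "opt1,opt2,..."
# Returns 0 if allowed, 1 if denied (reason printed on denial).
# Rules: the target must exist and, after resolving symlinks, lie strictly
# inside the home directory; it must not be a system mount point such as
# / or /boot; and the options must keep nosuid and nodev.

user_mount_allowed() {
    uma_home=$1
    uma_target=$2
    uma_opts=$3

    # Resolve both paths physically (cd -P and pwd -P are POSIX), so a
    # symlink placed in the home directory that points at /etc is seen
    # as /etc rather than as something "under home".
    uma_real_home=$(cd -P -- "$uma_home" 2>/dev/null && pwd -P) || {
        echo "deny: home directory $uma_home does not exist"; return 1; }
    uma_real_target=$(cd -P -- "$uma_target" 2>/dev/null && pwd -P) || {
        echo "deny: $uma_target is not an existing directory"; return 1; }

    # Strict containment: below home, not home itself, and not a sibling
    # that merely shares a prefix (/home/lamar2 is not under /home/lamar).
    case $uma_real_target in
        "$uma_real_home"/*) ;;
        *) echo "deny: $uma_real_target is outside $uma_real_home"; return 1 ;;
    esac

    # Explicit deny list for the system mount points named in the thread.
    for uma_forbidden in / /boot; do
        if [ "$uma_real_target" = "$uma_forbidden" ]; then
            echo "deny: $uma_forbidden is a system mount point"; return 1
        fi
    done

    # Option hygiene: removable media must not bring setuid programs or
    # device nodes into the system (this is what fstab's "user" implies).
    case ",$uma_opts," in
        *,nosuid,*) ;;
        *) echo "deny: nosuid is required for user mounts"; return 1 ;;
    esac
    case ",$uma_opts," in
        *,nodev,*) ;;
        *) echo "deny: nodev is required for user mounts"; return 1 ;;
    esac
    return 0
}
```

The symlink case is the one worth testing: a directory entry inside $HOME that resolves to /etc must be refused, which is exactly the subversion the quoted message warns about.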