Here are 2 patches I'd like to be considered for addition to util-linux. 1. managed.patch: add the 'managed' noop keyword that can be used by hal to remove entries it creates (manages) from fstab. 2. console.patch: add a pamconsole option to mount options, so only the user at the console can mount. This is a safety measure so only local users should be able to mount removable devices. Both are RH patches. According to some mail I read on this, (1) is supposed to be added mainstream anyway. (2) is a RH-ism (?), but our pam seems to support it already, so adding it here doesn't seem to be too intrusive. Both patches were taken from rawhide rpms.
Created attachment 43744: mount managed noop keyword patch. This adds the 'managed' keyword. Because it's a RH patch it also adds 'kudzu' as noop. We could probably remove that.
Created attachment 43745: add pamconsole option to mount
I don't see how (2) is really useful ... someone could simply compile their own version of mount and get around the pam requirement.
You don't even have to compile your own version of mount to get around it; that's not really the point. It's just a basic measure to have a somewhat safer default policy.
util-linux-2.12i now includes the mount ignore managed patch, thanks.
There are 2 patches here..
Going by comments #3 and #4 here, the second patch won't be added since it has no real merit.
It has a real merit; just because it's not secure to a paranoia degree doesn't mean it has no use at all. It is safer than the default. The patch is hardly intrusive, so I see no reason not to add it.
So feel free to add it to a local ebuild on your machine; it's not going into portage.