As discussed in bug 133584, a more secure way to allow access to storage devices attached to the system near the console is to add a 'console' option that can appear in the /etc/fstab file. This option works like the 'user' option but additionally requires that the user is at the console. I will attach a patch that does this.
Created attachment 104443: Patch to add 'console' option to mount(1) and umount(1)
Please review and rebuild. I've rebuilt the latest util-linux RPM from Rawhide with this patch by adding it as the last patch. With my testing the patch appears to work.
Rebuilt into beehive packages hal that adds 'console' instead of 'user' and gnome-vfs2 package that understands 'console'. Need this patch for FC3t3.
Patch is buggy. Can end up snprintf'ing a NULL pointer.
If an admin puts nousers for a device and console, what is the expected behavior? Does noconsole need to be added? NOTE - there is no check that the user is at the console in the umount section! Should the patch also update the man page?
Created attachment 104593: New console patch adding a null check and fixing the snprintf
This patch fixes the previous patch by adding a null check to getusername() and removing the unneeded subtraction of one from the size argument of snprintf.
Created attachment 104594: Missed a bracket in the if
Add an opening bracket for the null check.
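The failure mode raised above (a NULL user name reaching snprintf) and the fix described (a null check plus passing the full buffer size), sketched as an added example; this is not the code from the attached patches. The function names and the one-lock-file-per-user layout are assumptions, since the thread does not show how the console check is implemented.

```c
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumption: a lock file named after the login marks the console user.
 * The directory is a parameter because the thread does not name it. */

/* Return the login name for uid, or NULL when no passwd entry exists. */
const char *username_for(uid_t uid)
{
    struct passwd *pw = getpwuid(uid);
    return pw ? pw->pw_name : NULL;
}

/* Build "<lockdir>/<user>" in buf.
 * Returns 0 on success, -1 on bad input or if the result does not fit. */
int console_lock_path(char *buf, size_t len, const char *lockdir,
                      const char *user)
{
    int n;

    /* Never hand NULL to a %s conversion: that is undefined behaviour. */
    if (buf == NULL || lockdir == NULL || user == NULL || *user == '\0')
        return -1;
    /* A '/' in the name would step outside lockdir. */
    if (strchr(user, '/') != NULL)
        return -1;
    /* snprintf counts the terminating NUL inside len: pass the full size. */
    n = snprintf(buf, len, "%s/%s", lockdir, user);
    /* A truncated path could name a different file, so treat it as failure. */
    if (n < 0 || (size_t)n >= len)
        return -1;
    return 0;
}

/* 1 if the lock file for uid exists, 0 otherwise (fails closed). */
int user_at_console(uid_t uid, const char *lockdir)
{
    char path[256];

    if (console_lock_path(path, sizeof(path), lockdir, username_for(uid)) != 0)
        return 0;
    return access(path, F_OK) == 0;
}
```

Every failure path (no passwd entry, over-long name, missing lock file) denies the console privilege rather than granting it.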
Created attachment 104597: More robust console patch
Good catch, Steve. New patch changes the flag name from console to pamconsole, adds a nopamconsole flag, and checks for pamconsole in umount. I also added the option to the fstab man file.
The patch is in util-linux-2.12a-16 which is in Rawhide so I'm closing this bug.