Bug 182352 - HAL allows non-privileged console user to circumvent system policy
Summary: HAL allows non-privileged console user to circumvent system policy
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: hal
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: John (J5) Palmieri
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: FC5Blocker
TreeView+ depends on / blocked
 
Reported: 2006-02-21 23:13 UTC by David Zeuthen
Modified: 2013-03-13 04:49 UTC (History)
2 users (show)

Fixed In Version: 0.5.7-1
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-02-25 01:56:15 UTC
Type: ---


Attachments (Terms of Use)

Description David Zeuthen 2006-02-21 23:13:05 UTC
Description of problem:

HAL allows non-privileged console user to circumvent system policy by allowing
mounting of devices that the administrator put in /etc/fstab

Expected results:

HAL should refuse Mount() methods on devices specifically listed in /etc/fstab.

Additional info:

I've got a fix for this in HAL CVS. As I'm the upstream developer I also urge
upgrading to a new release for FC5Final rather soon as other important (though
not security critical) bugs have been fixed. I will do a hal 0.5.7 release later
this week.

I am marking this as a FC5 blocker bug.


Note You need to log in before you can comment on or make changes to this bug.