182352 – HAL allows non-privileged console user to circumvent system policy

Bug 182352 - HAL allows non-privileged console user to circumvent system policy

Summary: HAL allows non-privileged console user to circumvent system policy

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	hal
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	John (J5) Palmieri
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	FC5Blocker
TreeView+	depends on / blocked

Reported:	2006-02-21 23:13 UTC by David Zeuthen
Modified:	2013-03-13 04:49 UTC (History)
CC List:	2 users (show)
Fixed In Version:	0.5.7-1
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2006-02-25 01:56:15 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description David Zeuthen 2006-02-21 23:13:05 UTC

Description of problem:

HAL allows non-privileged console user to circumvent system policy by allowing
mounting of devices that the administrator put in /etc/fstab

Expected results:

HAL should refuse Mount() methods on devices specifically listed in /etc/fstab.

Additional info:

I've got a fix for this in HAL CVS. As I'm the upstream developer I also urge
upgrading to a new release for FC5Final rather soon as other important (though
not security critical) bugs have been fixed. I will do a hal 0.5.7 release later
this week.

I am marking this as a FC5 blocker bug.

Note You need to log in before you can comment on or make changes to this bug.