On Fri, 2004-09-10 at 05:40 -0700, Steve G wrote: > >I'm not sure what the default policy should be though - most people are > >happy about not having to go to the commandline to get access to their > >partitions and some people have more or less valid security concerns. > > OK, I've had some time to think this over. Traditionally, the default is on the > open - all inclusive side of things unless there is the possibility of damage. > e.g., tcp_wrapper defaults to open, iptable defaults to open. You must intervene > to secure the system. > > As long as the drives are only detected and mount points made, it don't have a > problem. If the drives are *mounted*, I have a real problem. By mounting the > drive, you may suddenly cause a drive to get fsck'ed by a newer program that > oopses older kernels, Has this actually happened? > or relabeled by SE Linux which will oops older kernels. Yes; it's really a bug that the default relabeling procedure will try to relabel mount points. I've submitted a patch to fix this.
Description: This is a digitally signed message part