[Pkg-ltsp-devel] Bug#432024: ltspfs: Provide non-root users access to the local hard drive on the client
Petter Reinholdtsen
pere at hungry.com
Fri Jul 6 20:03:34 UTC 2007
Package: ltspfs
Version: 0.4.3+debian2
In Debian Edu, one tester discovered that the user logging into a LTSP
thin client with a local hard drive got read/write access to the
content of that hard drive. The bug report is in
<URL:http://bugs.skolelinux.no/show_bug.cgi?id=1209>, and I quote:
When the user looks in /media/$USERNAME he will have full read
access to the harddrive in the thinclient. This is not what one
might expect, and is a disaster in i lot of real-life settings. One
such real-life setting where that would mean trouble is in schools
where they sometimes use teachers laptops to get extra clients
during special times, for example when they have exams, and they
need to double the number of available machine for a short time.
Oh, when the harddrive contained windows(ntfs) the disk was
read-only, but when the harddrive had linux, it was read/write!
This is a serious problem for Debian Edu, as no sysadmin expect
non-root users to gain direct access to the local hard drive,
especially when PXE-booting a machine.
It would be better if the local device access provided by ltspfs was
limited to removable media only.
Happy hacking,
--
Petter Reinholdtsen
More information about the Pkg-ltsp-devel
mailing list