[Pkg-utopia-maintainers] Bug#556416: hal's automounting of devices can lead to many problems including security realted issues
Christoph Anton Mitterer
christoph.anton.mitterer at physik.uni-muenchen.de
Sun Nov 15 22:33:39 UTC 2009
It seems that Debian's default for hal is to mount many different
kinds of filesystems automatically (removable as well as non-removable).
Actually I think this is not only very bad behaviour but potentially
also security critical.
Nowadays users, even on servers can barely avoid installing hal as so
many stuff depends on it.
I think this puts special demands on the maintainers to also take care
of such users.
Of course I also understand that some well let's say "end users"
prefer their devices to be automatically mounted.
I suggest the best solution would be to make it configurable via
debconf, where the user can select which devices should be automounted
(better said their filesystems). And the user should be warned that
this can have impacts (see below), and that it happens read-wirtable,
The default however should be definitely to not auto-mount anything.
Now some reasons why IMHO it is a bad idea to automount stuff:
- This is not the out of the box behaviour of Linux/Unix itself and
users expect that only stuff in fstab can get automatically mounted.
- If one doesn't know of hal's behaviour, one does not recognise that
filesystems are mounted and simply removes devices without unmounting
=> data loss possible
- Also the permissions of files on such devices might be set in an
unsecure way, and the owner that inserts the devices does not want to
have it mounted per se, because that anyone would be able to read.
- The same applies to filesystems like *FAT* which do not support unix
like owners/etc. ... thus a filesystem might be automounted with
- If the filesystem is already damaged, or not cleanly unmounted, it
can happen that mounting (even if it would be ro) changes the data
(e.g. the case with ext*) and destroys attempts to make forensics on
- Simply "inserting" a removable device should not change anything on
it. This is however easily possible once it's mounted.
- Auto-mounting may introduce problems with privacy laws (e.g. devices
with private or personal data, which is (once mounted) automatically
scanned with virus scanners or whatever).
- Auto-mounting usually happens NOT with nosuid, nodev, noexec, etc.
... which also introduces the possibilities of security problems.
For that (and many other reasons I've not written down). I strongly
suggest to either deactivate automounting at all,... or make it
configurable via debconf (with the default at deactivated) and give
the user warnings with examples as above.
The same should by the way done with hals successor (devicekit) which
is also maintained by the Utopia Team.
btw: I think this bug should be flagged as security/critical,... I've
chosen not to do so,.. as this only makes you upset ;) But I suggest
to increase the priority.
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.31-fermat (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages hal depends on:
ii acl 2.2.48-1 Access control list utilities
ii adduser 3.111 add and remove users and groups
ii consolekit 0.3.1-2 framework for defining
ii dbus 1.2.16-2 simple interprocess
ii hal-info 20090716-1 Hardware Abstraction
Layer - fdi f
ii libblkid1 2.16.1-4 block device id library
ii libc6 2.10.1-5 GNU C Library: Shared libraries
ii libdbus-1-3 1.2.16-2 simple interprocess
ii libdbus-glib-1-2 0.82-2 simple interprocess
ii libexpat1 2.0.1-4 XML parsing C library -
ii libglib2.0-0 2.22.2-2 The GLib library of C routines
ii libhal-storage1 0.5.13-3 Hardware Abstraction
Layer - share
ii libhal1 0.5.13-3 Hardware Abstraction
Layer - share
ii libpolkit2 0.9-4 library for accessing PolicyKit
ii libusb-0.1-4 2:0.1.12-13 userspace USB programming library
ii lsb-base 3.2-23 Linux Standard Base 3.2
ii mount 2.16.1-4 Tools for mounting and
ii pciutils 1:3.1.4-2 Linux PCI Utilities
ii policykit 0.9-4 framework for managing
ii udev 146-6 /dev/ and hotplug
ii usbutils 0.86-2 Linux USB utilities
Versions of packages hal recommends:
ii eject 2.1.5+deb1+cvs20081104-7 ejects CDs and operates
ii pm-utils 1.2.5-4 utilities and scripts for
Versions of packages hal suggests:
ii gnome-device-manager 0.2-3 GNOME device manager based on HAL
-- no debconf information
This message was sent using IMP, the Internet Messaging Program.
More information about the Pkg-utopia-maintainers