On 12.01.2008 18:10, TimC wrote: > Bodo Eggert <[EMAIL PROTECTED]> said on Sat, 12 Jan 2008 02:41:17 +0100 (CET): > > On Fri, 11 Jan 2008, Lennart Sorensen wrote: > > > On Fri, Jan 11, 2008 at 05:22:45PM +0100, Bodo Eggert wrote: > > > > > > What can happen if someone does tune2fs -Lroot /dev/usbstick > > > > and puts that stick into this system? > > > > > > Don't know. I use UUIDs rather than LABELs. Having duplicated labels > > > just means being careless. Having duplicate UUIDs should require being > > > malicous. > > > > That's exactly what you have to assume for your users. Otherwise, you could > > remove any security feature from the system. > > If they've got physical access to your machine, you've already lost.
As a last resort there is always the option to encrypt everything. Of course you loose the LABEL & UUID support with that. But i circumvented that by a custom udev script and marking the MBR in the documented 4 bytes for an ID that is used by said script to create an appropriate symlink. Together with a matching autofs-conf i can still automatically mount all my >50 encrypted HDDs i have stacked on my shelf. :-) Bis denn -- Real Programmers consider "what you see is what you get" to be just as bad a concept in Text Editors as it is in women. No, the Real Programmer wants a "you asked for it, you got it" text editor -- complicated, cryptic, powerful, unforgiving, dangerous. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
