Comment 0 for bug 13131

Package: mount
Version: 2.12p-2
Severity: grave
Justification: user security hole

If a non-root user mounts media (in my case, a CD-ROM), and attempts to kill
the process (in my case, a mad combination of ^C and ^\), the filesystem can
be mounted, yet not appear in /etc/mtab.

This means that when the user does a "df", it does not show up, and when
they try to unmount it (unless they are root), they are denied, told that
the filesystem is not mounted according to /etc/mtab.

This introduces two security holes:

 1) A malicious user could lock-up removable media for anybody else
that wishes to use the system; or

 2) A user is told that data is not available which actually is,
which could mislead them into leaving it there for others to access.

.. and, of course, in the case of cd-rom's which are usually locked while
moutned, a user without root access or access to the person with root access
can't get his/her CD rom back (without sticking a needle in the little hole,
but we don't want them to do that, do we?)

 - Tyler

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.7-1-k7
Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1)

Versions of packages mount depends on:
ii libblkid1 1.36release-1 block device id library
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii libuuid1 1.36release-1 universally unique id library

-- no debconf information