To summarize where we are now. The mount helper currently allows any user to:
1) Mount anything under /dev/ to a mountpoint under /media
2) Create empty directories anywhere if they can create symlinks in /media
3) Remove empty directories in /media
This is pretty much the minimal set of requirements for the mount helper to
work (I could possibly restrict the entries under /dev to block devices only as
well). If it turns out that this set of requirements is a security
vulnerability, then the mount helper will be removed. If not, it will stay.
To summarize where we are now. The mount helper currently allows any user to:
1) Mount anything under /dev/ to a mountpoint under /media
2) Create empty directories anywhere if they can create symlinks in /media
3) Remove empty directories in /media
This is pretty much the minimal set of requirements for the mount helper to
work (I could possibly restrict the entries under /dev to block devices only as
well). If it turns out that this set of requirements is a security
vulnerability, then the mount helper will be removed. If not, it will stay.