Package: ltspfs Version: 0.4.3+debian2 In Debian Edu, one tester discovered that the user logging into a LTSP thin client with a local hard drive got read/write access to the content of that hard drive. The bug report is in <URL:http://bugs.skolelinux.no/show_bug.cgi?id=1209>, and I quote:
When the user looks in /media/$USERNAME he will have full read access to the harddrive in the thinclient. This is not what one might expect, and is a disaster in i lot of real-life settings. One such real-life setting where that would mean trouble is in schools where they sometimes use teachers laptops to get extra clients during special times, for example when they have exams, and they need to double the number of available machine for a short time. Oh, when the harddrive contained windows(ntfs) the disk was read-only, but when the harddrive had linux, it was read/write! This is a serious problem for Debian Edu, as no sysadmin expect non-root users to gain direct access to the local hard drive, especially when PXE-booting a machine. It would be better if the local device access provided by ltspfs was limited to removable media only. Happy hacking, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
