Subject: Re: Patch to disallow mounts of unclean FFS unless forced
To: Kamal R Prasad <kamalrpr@in.ibm.com>
From: Robert Elz <kre@munnari.OZ.AU>
List: tech-kern
Date: 10/15/2003 20:40:53
    Date:        Wed, 15 Oct 2003 18:12:49 +0530
    From:        Kamal R Prasad <kamalrpr@in.ibm.com>
    Message-ID:  <OF5004EF37.8C4FE39B-ON65256DC0.00453B69-80256DC0.005E88F2@in.ibm.com>

  | If you want to allow a non-root to insert bad media and crash the system, 
  | that doesn't sound like a good idea

No, of course not, I want to prevent that.

  | [but the same is ok if the root is 
  | allowed to, since he has more ways than one to crash a system].

It is OK if there is some good reason (or if it is very hard to prevent).
But if we can prevent root from accidentally crashing the system, that's
good to do as well.

That is, here there's no specific reason that a root user would be
specifically trying to crash the system by mounting a bad filesys, so
we don't have to go to special lengths to allow that to happen.

Easier is just to prevent bad data in a filesystem from causing a panic,
or other crash, regardless of who mounted it, isn't it?

  | Maybe, at mount time - a check can be made by the mount command if it is 
  | safe to mount a filesystem if an unprivileged user is mounting one.

Then mount would have to be setuid, and now it isn't.  In any case, doing
a thorough check like that would be quite difficult, and even then, that
wouldn't provide any protection against bad data growing in the filesystem
due to I/O errors, etc.

kre
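As an added illustration of the point made above, that the kernel should reject bad on-disk data rather than panic on it regardless of who mounted the filesystem, here is a small validator for a hypothetical toy superblock. This is example code written for this page, not NetBSD code, not the real FFS superblock layout, and not part of the patch being discussed; the struct fields, the magic value, the limits and the sample bytes are all constructed. It decodes the header with explicit byte access, checks every field against the device size using 64-bit arithmetic so that block counts cannot wrap, and only then honours an "unclean, but forced" mount.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical on-disk header for a toy filesystem (NOT the real FFS layout). */
#define TOY_MAGIC     0x544F5946u   /* "TOYF", constructed value */
#define TOY_MIN_BSIZE 512u
#define TOY_MAX_BSIZE 65536u
#define TOY_SB_BYTES  24

struct toy_sb {
    uint32_t magic;
    uint32_t bsize;        /* bytes per block, must be a power of two   */
    uint32_t nblocks;      /* total blocks in the filesystem            */
    uint32_t inode_start;  /* first block of the inode table            */
    uint32_t inode_blocks; /* length of the inode table in blocks       */
    uint32_t clean;        /* 1 if the filesystem was unmounted cleanly */
};

enum toy_err { TOY_OK = 0, TOY_BAD_MAGIC, TOY_BAD_BSIZE, TOY_BAD_GEOMETRY, TOY_UNCLEAN };

/* Little-endian decode without trusting the host's struct layout or endianness. */
static uint32_t le32(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Copy a raw header into the struct; refuses short buffers instead of reading past them. */
int toy_parse(const unsigned char *buf, size_t len, struct toy_sb *out) {
    if (len < TOY_SB_BYTES) return -1;
    out->magic        = le32(buf + 0);
    out->bsize        = le32(buf + 4);
    out->nblocks      = le32(buf + 8);
    out->inode_start  = le32(buf + 12);
    out->inode_blocks = le32(buf + 16);
    out->clean        = le32(buf + 20);
    return 0;
}

/*
 * Validate every field before any of it is used; the caller refuses the mount on
 * error rather than letting later code index off a bogus value. The uid of the
 * mounter plays no part here: bad data is bad data. `force` only relaxes the
 * clean-flag check, never the geometry checks.
 */
enum toy_err toy_validate(const struct toy_sb *sb, uint64_t dev_bytes, int force) {
    if (sb->magic != TOY_MAGIC)
        return TOY_BAD_MAGIC;
    if (sb->bsize < TOY_MIN_BSIZE || sb->bsize > TOY_MAX_BSIZE ||
        (sb->bsize & (sb->bsize - 1)) != 0)
        return TOY_BAD_BSIZE;
    /* 64-bit product so a hostile nblocks*bsize cannot wrap around to a small value. */
    uint64_t fs_bytes = (uint64_t)sb->nblocks * sb->bsize;
    if (sb->nblocks == 0 || fs_bytes > dev_bytes)
        return TOY_BAD_GEOMETRY;
    /* The inode table must lie entirely inside the filesystem; sum done in 64 bits. */
    if (sb->inode_blocks == 0 || sb->inode_start >= sb->nblocks ||
        (uint64_t)sb->inode_start + sb->inode_blocks > sb->nblocks)
        return TOY_BAD_GEOMETRY;
    if (sb->clean != 1 && !force)
        return TOY_UNCLEAN;
    return TOY_OK;
}

/* Constructed sample header: magic, bsize 4096, 1024 blocks, inodes at block 1 for 16 blocks, clean. */
static const unsigned char sample_sb[TOY_SB_BYTES] = {
    0x46, 0x59, 0x4F, 0x54,  0x00, 0x10, 0x00, 0x00,  0x00, 0x04, 0x00, 0x00,
    0x01, 0x00, 0x00, 0x00,  0x10, 0x00, 0x00, 0x00,  0x01, 0x00, 0x00, 0x00,
};

/* Parse and validate the sample against a device of the given size. */
enum toy_err sample_mount(uint64_t dev_bytes, int force) {
    struct toy_sb sb;
    if (toy_parse(sample_sb, sizeof sample_sb, &sb) != 0) return TOY_BAD_MAGIC;
    return toy_validate(&sb, dev_bytes, force);
}

int main(void) {
    /* A 4 MiB device holds the sample exactly; a 2 MiB device does not. */
    printf("4 MiB device: %d (0 = OK)\n", (int)sample_mount(4u * 1024 * 1024, 0));
    printf("2 MiB device: %d (3 = bad geometry)\n", (int)sample_mount(2u * 1024 * 1024, 0));
    return 0;
}
```

The same checks would apply whether the mount came from root or from an unprivileged user; that is the point of doing the validation in the kernel path rather than in a setuid mount(8), and the 64-bit arithmetic is what stops a corrupted block count from passing a naive `nblocks * bsize <= dev_bytes` test.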