Re: fmount system call

Jeremy Fitzhardinge (jeremy@zip.com.au)
Thu, 24 Jul 1997 10:51:37 +1000


Theodore Y. Ts'o wrote:
> From: "Volker.Lendecke" <lendecke@math.uni-goettingen.de>
>
> As far as I can see this problem can be removed by a system call that
> accepts a file descriptor as a mount point.

Yes, this is a good idea.

> An alternate solution would be to allow users to run the mount system
> call as unprivileged users, but have the kernel enforce some basic
> security policy (users must own the mount point, nosuid, nodev,
> etc. would be turned on, etc.) I think BSD does this, and it's not
> necessarily a bad idea....

It smells too much of having the kernel decide policy. It's all very
well for the kernel to deny dangerous things to normal users, but it
should be possible to circumvent it with an appropriate suid program.
All you need are the tools to make it possible to write such programs
safely.

I would agree, however, that mount shouldn't follow symlinks on the
mountpoint (I'm not sure if it does at the moment, and given the current
development kernels, I doubt if the kernel knows either).

J