Bug #14931: Tails mounts a windows boot partition with amnesia rights

Bug #14931

Tails mounts a windows boot partition with amnesia rights

Added by goupille 2017-11-07 15:19:11 . Updated 2017-12-12 11:52:14 .

Status:

Rejected

Priority:

Normal

Assignee:

Category:

Target version:

Start date:

2017-11-07

Due date:

% Done:

Feature Branch:

Type of work:

Research

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

a user complains that Tails is mounting the Boot partition of Windows, without asking for an administrator password.

the logs are showing this :

amnesia udisksd[15824]: Mounted /dev/sde2 at /media/amnesia/BootDisk-Windows10 on behalf of uid 1000

WhisperBack report: cfa91021a201076cbc684396d7d6d190

Subtasks

Related issues

Blocks Tails - ~~Feature #13244~~: Core work 2017Q4: Foundations Team

Resolved

2017-06-29

History

#1 Updated by goupille 2017-11-07 15:22:36

I sent the complete logs to the dev

#2 Updated by intrigeri 2017-11-07 15:27:52

Assignee changed from intrigeri to goupille
QA Check set to Info Needed

I suspect the internal drive is somehow recognized as a removable one and/or the partition has a GPT flag that says “please mount me!” to the OS, or something. I can’t easily investigate this without more info as I have no such Windows disk around.

Any chance we can get info from this person? The output of “udisksctl dump” would be useful. It’s sensitive info so better send it to me privately.

#3 Updated by intrigeri 2017-11-11 13:34:13

Description updated

(Adding WB report ID to the description, still waiting for goupille’s answer.)

#4 Updated by intrigeri 2017-11-11 13:35:21

blocks ~~Feature #13244~~: Core work 2017Q4: Foundations Team added

#5 Updated by intrigeri 2017-11-11 13:48:30

The offending device is a 250GB drive connected via USB. And indeed, in the live-persist log I see [sde] Attached SCSI removable disk.

This explains why the user has write access to this storage device (probably because of /etc/udev/rules.d/99-make-removable-devices-user-writable.rules).

So either this drive is physically internal, i.e. inside the computer, and then this is another instance of our well-known semantics problem wrt. internal vs. external drives.

Or it’s an external USB drive, and then I think Tails works as designed and intended, and if the user doesn’t want their Tails to have access to such a drive, then they should unplug it.

Let’s see once goupille has given me the requested info.

#6 Updated by goupille 2017-12-12 11:52:14

Status changed from New to Rejected
Assignee deleted (~~goupille~~)
QA Check deleted (~~Info Needed~~)

no news from the user, therefore, I close this ticket.