Feature #5640
mounting internal disks may be too easy
Start date:
Due date:
% Done:
0%
Description
Getting read-write access to internal hard-disk’s partitions (e.g. Windows ones)…
- until Tails 0.6.x (based on Debian Lenny): required running commands as root in a terminal
- in Tails 0.7 (based on Debian Squeeze): is two-clicks away in GNOME’s Places menu, thanks (?) to udisks.
Shall we consider this is a Tails bug or a feature?
In case we consider this is a bug, ways to disable this behaviour are:
- ad-hoc / short-term solution, via PolicyKit: the default policy shipped by udisks is in
/usr/share/polkit-1/actions/org.freedesktop.udisks.policy
and could be overridden in/etc/polkit-1/
- generic / long-term solution: implement better root access control. That was done in Tails 0.11. Mounting internal hard drive now ask for an administrative password, on behalf of
org.freedesktop.udisks.filesystem-mount-system-internal
.
What is left is to document how to access internal disks. Long term goal is to implement an opt-out read-only lock of internal hard disks.
Subtasks