Feature #5640

mounting internal disks may be too easy

Added by Tails 2013-07-18 07:43:53 . Updated 2013-07-19 01:47:34 .

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Target version:
Start date:
Due date:
% Done:

0%

Feature Branch:
Type of work:
Code
Blueprint:

Starter:
Affected tool:
Deliverable for:

Description

Getting read-write access to internal hard-disk’s partitions (e.g. Windows ones)…

  • until Tails 0.6.x (based on Debian Lenny): required running commands as root in a terminal
  • in Tails 0.7 (based on Debian Squeeze): is two-clicks away in GNOME’s Places menu, thanks (?) to udisks.

Shall we consider this is a Tails bug or a feature?

In case we consider this is a bug, ways to disable this behaviour are:

  • ad-hoc / short-term solution, via PolicyKit: the default policy shipped by udisks is in /usr/share/polkit-1/actions/org.freedesktop.udisks.policy and could be overridden in /etc/polkit-1/
  • generic / long-term solution: implement better root access control. That was done in Tails 0.11. Mounting internal hard drive now ask for an administrative password, on behalf of org.freedesktop.udisks.filesystem-mount-system-internal.

What is left is to document how to access internal disks. Long term goal is to implement an opt-out read-only lock of internal hard disks.

Subtasks

History

#1 Updated by intrigeri 2013-07-19 01:47:34

  • Type of work set to Code

Type of work: Code