Formed in 2009, the Archive Team (not to be confused with the archive.org Archive-It Team) is a rogue archivist collective dedicated to saving copies of rapidly dying or deleted websites for the sake of history and digital heritage. The group is 100% composed of volunteers and interested parties, and has expanded into a large amount of related projects for saving online and digital history.
Please grant uaccess permissions to removable USB disks #18304
Comments
|
Uh, this opens a can of worms: unpriv users that can modify raw file systems that the linux kernel then mounts and accesses? yuck. kernel file system devs made very clear they don't intend their implementations to be robust against rogue file system images, but it's an entirely new can of worms to allow runtime access to unpriv users completely uncontrolled even while the image might be mounted! udisks can write disk images to USB disks. what#s wrong with using that? |
poettering
added
needs-discussion 
A malicious USB drive, or any gadget that supports looking like a USB mass storage device, could already do that. If that's exploitable, it's already exploitable on systems that enable automounting. I don't think this opens up any new attack surface area. Along the same lines but much more simply, as far as I can tell it's already possible to use If your system allow local users to automount filesystems, this attack surface is already present. Adding these permissions would not introduce any new attack surface. These permissions would just make it easier and safer for legitimate users to write to removable devices they plug in.
There are many, many more disk-image-related tools (and scripts) built around writing to the underlying disk device, rather than asking udisks to do so. My goal here was to make it safe for users to run |
Plugging in a removable USB disk shouldn't just mount the disk and give logged-in local users access to it. Ideally, those users would also have access to the USB disk device.
This would allow users to do things like writing a disk image to a disk device, without getting in the habit of using sudo to do so. That substantially improves safety, since the user would be able to write to removable USB disks but not accidentally overwrite a non-removable disk.
Older Linux distributions used to do this, with a rule like
SUBSYSTEM=="block", ATTRS{removable}=="1", GROUP="floppy". I think it'd be appropriate to do so today using uaccess alone, rather than a group.The text was updated successfully, but these errors were encountered: