Hi,
alan@??? wrote (26 Sep 2012 17:44:34 GMT) :
> We didn't reach a conclusion on this topic. The page on pcmcia is
> still tagged "discuss".
Thank you for resurrecting this discussion!
It's unclear to me what exact part of it you intended to resurrect,
but anyway, I guess it's good to have the whole picture in mind, and
we might even manage to find a common solution for PCMCIA,
ExpressCard, FireWire, and perhaps even Bluetooth.
This is all about todo/protect_against_external_bus_memory_forensics,
that links to:
* todo/disable expresscard?
* todo/disable pcmcia?
* todo/disable_firewire?
> * If a firewire card was inserted into the slot and the bus is active,
> pop up a dialog and ask "hey, you want to use firewire/etc.?"
I'm not sure it's possible to let a bus / slot "enabled enough" so
that the kernel and udev are able to pop up such a message, while
*not* allowing the inserted device to do Bad™ things. Details might be
tricky to get right. I hope we don't need something that clever,
implementation-wise.
> * disable these buses by default, allow opt-in through tails-greeter
> to enable
I guess this would be our worst case solution,
if we find nothing better. UX failure IMHO.
> * ask that users assert they want to use this or that bus, and make
> the assertion bind to a single device, rather than all devices
> blindly
I guess that's basically the same as the per-device pop up
dialog idea.
> * de-activate PCMCIA and ExpressCard on systems that don't have any
> PCMCIA or ExpressCard devices after running for 5 minutes. This is
> going to bite some users, but probably only the first time.
I am strongly inclined towards this one, for PCMCIA, ExpressCard,
FireWire and even Bluetooth.
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc