著者: Abel Luck 日付: To: tails-dev 題目: Re: [Tails-dev] Tails: pcmcia / firewire / etc.
intrigeri: > Hi,
>
> Jacob Appelbaum wrote (13 Oct 2012 11:02:17 GMT) :
>> As this is a modular kernel - is there a reason not to simply add
>> a "enable firewire" widget?
>
> There are several I can see:
>
> * It is a UX failure every time someone has to go out of their way to
> have Tails work with their hardware.
> * Every such widget we add to Tails Greeter makes the greeter worse
> for every Tails user: more cluttered, more complicated.
>
> That's why I still prefer the "let's guess what the user wants"
> approach: if they plug a device in the "X" slot, that's probably
> because they want to use it, so let's keep the "X" bus enabled, and
> disable it else.
>
> OTOH, I understand your concern, and I now think the 5 minutes delay
> that was suggested may be a bit too long. We did not specify exactly
> when the 5 minutes countdown starts, anyway. Perhaps we could start an
> initscript right after GDM, have it sleep 1 minute, and then disable
> these dangerous buses if unused? (This gives a clear visual indication
> of when the countdown starts.)
Regardless of the solution proposed above, would it be possible to have
an alternate grub menu that disables these dangerous interfaces from the
get go?
There could be an "Advanced" grub menu entry, that displays these
alternative kernel-param boot options.
Surely, there should be *some* secure option where the window of attack
is zero?