Re: [Tails-dev] Help needed with branch bugfix/writable_boot…

Author: intrigeri
Date:  
To: quidame
CC: The Tails public development discussion list
Subject: Re: [Tails-dev] Help needed with branch bugfix/writable_boot_media
Hi,

intrigeri wrote (10 Jun 2013 16:25:14 GMT) :
>> 2. the only relevant file in bilibop-udev is 66-bilibop.rules; so it
>> is possible to modify it again (+2 lines), or even not install
>> bilibop-udev (but only bilibop-common), and add a specific rules file in
>> the amnesia git repository (I think in
>> config/chroot_local-includes/etc/udev/rules.d/). Additionally, you could
>> merge it with the existing 99-hide-TailsData.rules. In that case, this
>> could give: [...]


>> What do you think about that?


> Great, I do like it! It allows us to externalize the bulk of the work
> to bilibop (which is great), while at the same time giving us
> fine-grained control on what exactly we want it to do.


>> If needed I can help to write what you need.


> I'll give it a try ASAP, and will get back to you if I need help.
> Thanks for the offer :)


I've tried it, and what you suggested in your out-of-thread forwarded
email worked fine (UDISKS_SYSTEM_INTERNAL was set for the Tails boot
medium). However, it is not effective in practice as Squeeze's udisks
does not support this property yet.

So, I guess this specific protection will have to wait until Tails is
based on Wheezy, unless someone can think of a way to implement
per-device udisks-level write access protection with udisks
1.0.1+git20100614-3.

One more reason to work on porting to Wheezy!

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc