mounting internal disks may be too easy
Originally created by Tails on #5640 (Redmine)
Getting read-write access to internal hard-disk’s partitions (e.g. Windows ones)…
- until Tails 0.6.x (based on Debian Lenny): required running commands as root in a terminal
- in Tails 0.7 (based on Debian Squeeze): is two-clicks away in GNOME’s Places menu, thanks (?) to udisks.
Shall we consider this is a Tails bug or a feature?
In case we consider this is a bug, ways to disable this behaviour are:
- ad-hoc / short-term solution, via PolicyKit: the default policy
shipped by udisks is in
/usr/share/polkit-1/actions/org.freedesktop.udisks.policy
and could be overridden in/etc/polkit-1/
- generic / long-term solution: implement better root access
control. That was done in Tails
0.11. Mounting internal hard drive now ask for an administrative
password, on behalf of
org.freedesktop.udisks.filesystem-mount-system-internal
.
What is left is to document how to access internal disks. Long term goal is to implement an opt-out read-only lock of internal hard disks.