Automount security concerns?

[Shaun Reich]

> Yes physical access is always bad. But imagine you are at a place where many
> people are (and stealing the pc is no option). Just going to the toilet for a
> short moment -- with the screen locked -- could make your computer cracked.

>
> In general I think that nothing usb-stick/new hardware related should happen
> if the screen is locked.

I'm assuming said toilet-user has also disabled the (far more
important) firewire port? ;-)

>if the screen is locked. And if really a usb-stick is connected to the pc
>while locked, when a dialog should pop up -- which can only be accessed when
>unlocking -- asking for further actions.

No point in that. Simply don't allow mounting when new devices appear
and the screen is locked. When it is unlocked (it could probably just
check for d-bus changes, to determine that) and there was a stick
plugged in which still exists, mount it.

I see your thinking in "show a dialog after an unlock, to let him know
about it". But there is simply no point in that. If the (toilet-)user
has physical access to it after finishing his business, has the
passkey to unlock it, and does so without checking the computer for
suspicious looking satellite dishes protruding from the PC, then that
is his prerogative at that point.

-- 
Shaun Reich,
KDE Developer (www.kde.org)