Automount security concerns?

Matthias Fuchs mat69 at gmx.net
Fri Mar 11 19:46:41 GMT 2011


On Friday 11 March 2011, 19:05:44 Shaun Reich wrote:
> > Yes physical access is always bad. But imagine you are at a place where
> > many people are (and stealing the pc is no option). Just going to the
> > toilet for a short moment -- with the screen locked -- could make your
> > computer cracked.
> > 
> > 
> > In general I think that nothing usb-stick/new hardware related should
> > happen if the screen is locked.
> 
> I'm assuming said toilet-user has also disabled the (far more
> important) firewire port? ;-)

Not every pc/laptop has one. And btw. just because one part is broken another 
should not be made more secure? With that arguing we could ignore nearly every 
security issue or probable issue. ;)

> 
> > if the screen is locked. And if really a usb-stick is connected to the pc
> >while locked, when a dialog should pop up -- which can only be accessed
> >when unlocking -- asking for further actions.
> 
> No point in that. Simply don't allow mounting when new devices appear
> and the screen is locked. When it is unlocked (it could probably just
> check for d-bus changes, to determine that) and there was a stick
> plugged in which still exists, mount it.

A user choosing to auto mount probably does not see the implications this 
could (!) have on security.
 
> I see your thinking in "show a dialog after an unlock, to let him know
> about it". But there is simply no point in that. If the (toilet-)user
> has physical access to it after finishing his business, has the
> passkey to unlock it, and does so without checking the computer for
> suspicious looking satellite dishes protruding from the PC, then that
> is his prerogative at that point.

USB as means to distribute malware should not be disregarded easily. There was 
a case locally where hundreds of computers were unusable for days because of 
a virus spread unknowingly via usb.

Showing a dialog would at least help realising that someone else played with 
your machine or that you just tried to connect something to a locked computer.


Yes I don't know how severe this could be in the KDE case, yet of the two 
comments none so far shed more light into this imo, other than automounting is 
turned off by default.
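
The two behaviours debated in this message, as an added example that is not part of the original post and is not KDE code: a small state machine that never mounts while the screen is locked and, on unlock, either mounts what is still attached or holds it for a confirmation dialog. The class name, method names and outcome strings are hypothetical; lock and hotplug events are passed in by the caller instead of being read from D-Bus.

```python
from dataclasses import dataclass, field

@dataclass
class LockAwareAutomounter:
    # True: hold devices for a dialog after unlock; False: mount on unlock if still attached.
    confirm_on_unlock: bool = True
    locked: bool = False
    mounted: set = field(default_factory=set)
    awaiting: set = field(default_factory=set)
    seen_locked: dict = field(default_factory=dict)  # device -> still attached?

    def device_added(self, dev):
        if self.locked:
            self.seen_locked[dev] = True  # record it, never mount while locked
            return False
        self.mounted.add(dev)
        return True

    def device_removed(self, dev):
        self.mounted.discard(dev)
        self.awaiting.discard(dev)
        if dev in self.seen_locked:
            self.seen_locked[dev] = False  # keep the record for the report

    def set_locked(self, locked):
        """On unlock, return [(device, outcome)] for everything seen while locked."""
        self.locked = locked
        if locked:
            return []
        report = []
        for dev, attached in self.seen_locked.items():
            if not attached:
                report.append((dev, "removed-before-unlock"))
            elif self.confirm_on_unlock:
                self.awaiting.add(dev)
                report.append((dev, "awaiting-confirmation"))
            else:
                self.mounted.add(dev)
                report.append((dev, "mounted"))
        self.seen_locked.clear()
        return report

    def confirm(self, dev):
        """User accepted the dialog; mount only a device that is still held."""
        if dev in self.awaiting:
            self.awaiting.remove(dev)
            self.mounted.add(dev)
            return True
        return False
```

A device that was plugged in and pulled out again during the lock still appears in the unlock report, which is the "someone else played with your machine" signal the dialog is meant to give.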




More information about the kde-core-devel mailing list