Re: [Tails-dev] Feature #5301 - Clone or Backup Persistent V…

Author: Andrew Gallagher
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Feature #5301 - Clone or Backup Persistent Volume

> On 10 Jan 2016, at 00:01, intrigeri <intrigeri@???> wrote:
>
> In Tails, we also directly access the block device as the amnesia
> user, since
> /etc/udev/rules.d/99-make-removable-devices-user-writable.rules allows
> us to do that.


Ah, this could be the game changer. I'll look into that and see if it gives me the powers I need to avoid setuid (which is the source of all the problems).

> On Debian/Ubuntu, we are more limited so we use some operations that
> require administrator credentials:
>
> * opening the block device with udisks2, to get a filehandle for
> writing the MBR;
> * running syslinux as root, using pkexec.


From what little I know of policykit, the same security caveats as setuid would usually apply...?

Thanks!

A