Author: Andrew Gallagher Date: To: The Tails public development discussion list Subject: Re: [Tails-dev] Feature #5301 - Clone or Backup Persistent Volume
> On 10 Jan 2016, at 00:01, intrigeri <intrigeri@???> wrote:
>
> In Tails, we also directly access the block device as the amnesia
> user, since
> /etc/udev/rules.d/99-make-removable-devices-user-writable.rules allows
> us to do that.
Ah, this could be the game changer. I'll look into that and see if it gives me the powers I need to avoid setuid (which is the source of all the problems).
> On Debian/Ubuntu, we are more limited so we use some operations that
> require administrator credentials:
>
> * opening the block device with udisks2, to get a filehandle for
> writing the MBR;
> * running syslinux as root, using pkexec.
From what little I know of policykit, the same security caveats as setuid would usually apply...?