Project

General

Profile

Feature #5636

Document how to access internal hard disks

Added by Tails almost 6 years ago. Updated about 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Start date:
Due date:
% Done:

100%

QA Check:
Pass
Feature Branch:
doc/5636-accessHD
Type of work:
End-user documentation
Blueprint:
Starter:
Affected tool:

Description

Tails can access local hard disks when an administrative password is set at boot time. That ought to be documented (and also what can be dangerous such action).


Related issues

Duplicated by Tails - Bug #6854: Create a doc page "how to access your hard disk" Duplicate 03/06/2014
Blocks Tails - Feature #5398: Improve "your data won't be saved unless explicitly asked" documentation Resolved
Blocks Tails - Feature #7143: Rework /doc/advanced_topics/virtualization/ Resolved 04/30/2014
Blocks Tails - Bug #8881: Explain how to access HD when it's a LVM volume Resolved 02/08/2015

Associated revisions

Revision 48342fb2
Added by Tails developers about 4 years ago

Merge remote-tracking branch 'origin/doc/5636-accessHD' (Closes: #5636).

History

#1 Updated by intrigeri about 5 years ago

  • Duplicated by Bug #6854: Create a doc page "how to access your hard disk" added

#2 Updated by intrigeri almost 5 years ago

  • Blocks deleted (Feature #6860: Conduct a usability testing session on Tails at NUMA)

#3 Updated by BitingBird over 4 years ago

  • Related to Feature #5398: Improve "your data won't be saved unless explicitly asked" documentation added

#4 Updated by BitingBird over 4 years ago

  • Related to deleted (Feature #5398: Improve "your data won't be saved unless explicitly asked" documentation)

#5 Updated by BitingBird over 4 years ago

  • Blocks Feature #5398: Improve "your data won't be saved unless explicitly asked" documentation added

#6 Updated by BitingBird over 4 years ago

  • Description updated (diff)
  • Assignee set to sajolida
  • Target version set to Tails_1.3
  • QA Check set to Ready for QA
  • Feature Branch set to bitingbird:doc/5636-accessHD

Please review & merge :)

#7 Updated by intrigeri over 4 years ago

  • Feature Branch changed from bitingbird:doc/5636-accessHD to doc/5636-accessHD

Rebased on master.

#8 Updated by intrigeri about 4 years ago

  • Status changed from Confirmed to In Progress

#9 Updated by sajolida about 4 years ago

  • Assignee changed from sajolida to BitingBird
  • QA Check changed from Ready for QA to Dev Needed

Thanks for the draft. I pushed a few commits to doc/5636-accessHD so make sure to fetch them.

Here are a few comments:

  • Use dotted lists when doing enumerations to make them more scanned to the eyes. Here the first class="caution" could be changed into a list. Bonus points: it will break your sentence which is more than 25 words right now.
  • The last part "an application is compromised, this can lead to de-anonymisation" would benefit to be a bit more explicit. Is it that an compromised application could access the data on the disk and from that de-anonymize you?
  • Do a git grep on the wiki to find the usual and more technically correct version of "you need to select the administration password startup option". Reuse is the key!
  • Check the GDSG for the correct version of "left panel": https://developer.gnome.org/gdp-style-guide/2.32/gdp-style-guide.html
  • Use class="caution" only for dangerous things. Your last three items should be class="note" probably.
  • I'm not satisfied with "a bit more complicated"... Persmissions problem can be fixed by opening Nautilus as root. If we don't want to explain that, what about saying something about requiring administration rights?
  • Regarding LVM, what happens by default? what happens if you run vgchange -ay do we want to document that? shall we point to external documentation?

#10 Updated by BitingBird about 4 years ago

sajolida wrote:

Thanks for the draft. I pushed a few commits to doc/5636-accessHD so make sure to fetch them.

Here are a few comments:

  • Use dotted lists when doing enumerations to make them more scanned to the eyes. Here the first class="caution" could be changed into a list. Bonus points: it will break your sentence which is more than 25 words right now.

done

  • The last part "an application is compromised, this can lead to de-anonymisation" would benefit to be a bit more explicit. Is it that an compromised application could access the data on the disk and from that de-anonymize you?

no idea, i asked intri to list the problems and he said that.

  • Do a git grep on the wiki to find the usual and more technically correct version of "you need to select the administration password startup option". Reuse is the key!

done (I think)

ok -> corrected to "left pane" although I find it weird

  • Use class="caution" only for dangerous things. Your last three items should be class="note" probably.

done

  • I'm not satisfied with "a bit more complicated"... Permissions problem can be fixed by opening Nautilus as root. If we don't want to explain that, what about saying something about requiring administration rights?
  • Regarding LVM, what happens by default? what happens if you run vgchange -ay do we want to document that? shall we point to external documentation?

I didn't fix both those points, because it's also intri's input and I don't know.

I also didn't fetch your modifications, I have nobody nearby to help me and the docs don't work. Sorry.

#11 Updated by intrigeri about 4 years ago

sajolida wrote:

  • The last part "an application is compromised, this can lead to de-anonymisation"
    would benefit to be a bit more explicit. Is it that an compromised application
    could access the data on the disk and from that de-anonymize you?

no idea, i asked intri to list the problems and he said that.

Right, unless the data on disk is not identifying (unlikely, taking this data as a whole), then it can be used by an exploited application to de-anonymize the user.

  • I'm not satisfied with "a bit more complicated"... Permissions problem can be
    fixed by opening Nautilus as root. If we don't want to explain that, what about
    saying something about requiring administration rights?

Sounds good. I assume it can be done with a light amount of additional work, so maybe doesn't need another ticket and can be handled on this one.

  • Regarding LVM, what happens by default?

Nothing useful when a PV appears (e.g. after unlocking a dm-crypt volume that hosts a PV).

what happens if you run vgchange -ay

Then the VG and all LVs in there appear. Maybe they can even be mounted from GNOME Disks (not sure).

do we want to document that? shall we point to external documentation?

I think that this would be worth another ticket, but the work done on documenting the simple cases seems already useful in itself.

#12 Updated by sajolida about 4 years ago

  • Blocks Feature #7143: Rework /doc/advanced_topics/virtualization/ added

#13 Updated by sajolida about 4 years ago

intrigeri suggested that this blocks #7143 when mentioning shared folders from a virtual machine.

#14 Updated by sajolida about 4 years ago

You apparently didn't merge my changes into your local branch before working on it again. So I'll redo your changes manually, since now this is blocking #7143.

#15 Updated by BitingBird about 4 years ago

Sorry, I was waiting to have a git expert at hand before working on this again :)

#16 Updated by intrigeri about 4 years ago

BitingBird wrote:

Sorry, I was waiting to have a git expert at hand before working on this again :)

I've had a look, and it seems that you could "simply" merge the upstream branch into yours, and then resolve the conflicts (basically everything conflicts since you've been working on the same paragraphs in parallel).

#17 Updated by BitingBird about 4 years ago

Reseted my branch, I'll work on your further comments.

#18 Updated by BitingBird about 4 years ago

intrigeri wrote:

sajolida wrote:

  • The last part "an application is compromised, this can lead to de-anonymisation"
    would benefit to be a bit more explicit. Is it that an compromised application
    could access the data on the disk and from that de-anonymize you?

no idea, i asked intri to list the problems and he said that.

Right, unless the data on disk is not identifying (unlikely, taking this data as a whole), then it can be used by an exploited application to de-anonymize the user.

So... sajolida, you want to change the phrasing?

  • I'm not satisfied with "a bit more complicated"... Permissions problem can be
    fixed by opening Nautilus as root. If we don't want to explain that, what about
    saying something about requiring administration rights?

Sounds good. I assume it can be done with a light amount of additional work, so maybe doesn't need another ticket and can be handled on this one.

Changed the sentence, but I'm not sure what level of details to give.

  • Regarding LVM, what happens by default?

Nothing useful when a PV appears (e.g. after unlocking a dm-crypt volume that hosts a PV).

what happens if you run vgchange -ay

Then the VG and all LVs in there appear. Maybe they can even be mounted from GNOME Disks (not sure).

do we want to document that? shall we point to external documentation?

I think that this would be worth another ticket, but the work done on documenting the simple cases seems already useful in itself.

I can open another ticket for that.

#19 Updated by BitingBird about 4 years ago

  • Blocks Bug #8881: Explain how to access HD when it's a LVM volume added

#20 Updated by BitingBird about 4 years ago

  • Assignee changed from BitingBird to sajolida
  • QA Check changed from Dev Needed to Ready for QA

Opened #8881 for LVM details.

For the rest, I welcome formulation propositions, because I really don't see how to present that.

#21 Updated by sajolida about 4 years ago

  • Priority changed from Normal to Elevated

#22 Updated by sajolida about 4 years ago

  • Assignee changed from sajolida to intrigeri
  • Priority changed from Elevated to Normal

So I did five more commits, see a876b18..a2123cc. I'm now assigning this ticket to intrigeri for final review.

#23 Updated by Tails about 4 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 0 to 100

Applied in changeset commit:7d4587e1cefcdd3e8d85d0011131678f8b4f960c.

#24 Updated by intrigeri about 4 years ago

  • % Done changed from 100 to 0

I'm not entirely convinced by the "normal text / (caution + notes)" ratio, but oh well.

#25 Updated by intrigeri about 4 years ago

  • Assignee deleted (intrigeri)
  • % Done changed from 0 to 100
  • QA Check changed from Ready for QA to Pass

Also available in: Atom PDF