Project

General

Profile

Feature #5918

Better internal hard disks lockdown

Added by Tails almost 6 years ago. Updated over 3 years ago.

Status:
Confirmed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
Due date:
% Done:

0%

QA Check:
Feature Branch:
Type of work:
Code
Blueprint:
Starter:
Affected tool:

Description

Tails user can currently access their local hard disks. It is only possible when an administrative password is set at boot time, but still it would be better to make internal drives read-only at kernel level to prevent anything bad from happening, unless explicitly desired. The later is useful to wipe a file or the whole device.

About implementation: live-boot's readonly option does the read-only part, but it does that for every device, including removable ones, which is painful when using persistence (#5910) stored on the USB stick Tails is running from. We need to add a readonly=fixed option to live-boot that would do that only for fixed (internal) disks.

Once that is done, an option must be added to get write access back. Either in Tails Greeter or on the command-line.

History

#1 Updated by sajolida over 3 years ago

  • Description updated (diff)
  • Target version deleted (Hardening_M1)

Also available in: Atom PDF