Re: [Utopia] [patch] Disable automounting when screen saver is running

["Simon Howard" <fraggle gmail com>]

On 11/16/06, Kay Sievers <kay sievers vrfy org> wrote:
> Are we going to hack around people, that have physical access to the
> box and are able to add/remove hardware now? How about a corrupt
> network card and NetworkManager? Should we disable NM, when the
> screensaver is active too? Same problem with PTP cameras, and ...
>
> I would say we should leave such "problems" to the proper
> infrastructure with console activity tracking, instead of introducing
> such weird hacks. :)

I agree with this 100%.  As far as I can tell, the argument seems to
be "a filesystem might have a bug in it and automounting would allow
that to be exploited".  In which case, it make more sense to just fix
any kernel bugs at their source.  There could be bugs in the kernel in
any manner of other USB devices or any other devices.   In any case,
someone desperate to gain access to a machine like this is far more
likely to reboot it and boot from a live CD than to devise a carefully
crafted corrupted GFS2 filesystem on a USB pendrive that will disable
the screensaver.

On the flipside, this potentially has a really annoying effect on
people who are using USB devices.  Here's a use case:

1. Joe wants to copy some files from Bob.  Bob works in secure lab
with no network access on the other side of the building.
2. Joe goes to Bob's desk, locking his machine while he is away.
3. Bob gives Joe a USB disk containing the files.
4. Joe returns to his desk.  His USB port is located on the back of
his computer, so he must crawl under his desk to plug in the disk.
Because of this, he plugs it in before he sits back down and unlocks
his screen.
5. Joe unlocks his screen.  The USB disk has not mounted.
6. Joe must now crawl under the desk again to unplug the disk and plug
it back in again.

--
Simon Howard
http://www.soulsphere.org/