Bug#675467: ITP: bilibop -- run Debian from external media

To: quidame@poivron.org
Cc: 675467@bugs.debian.org
Subject: Bug#675467: ITP: bilibop -- run Debian from external media
From: intrigeri <intrigeri@debian.org>
Date: Sun, 03 Jun 2012 00:59:03 +0200
Message-id: <[🔎] 85txytqq14.fsf@boum.org>
Reply-to: intrigeri <intrigeri@debian.org>, 675467@bugs.debian.org
In-reply-to: <[🔎] 7d48d1778d856f42bfd75168dc699e9d@poivron.org> (quidame@poivron.org's message of "Sat, 02 Jun 2012 15:05:42 +0200")
References: <[🔎] 20120601131051.5723.72626.reportbug@xporter> <[🔎] 85bol266mz.fsf@boum.org> <[🔎] 7d48d1778d856f42bfd75168dc699e9d@poivron.org>

Hi,

quidame@poivron.org wrote (02 Jun 2012 13:05:42 GMT) :
>>> bilibop-common: shell functions to find the drive hosting the root
>>> filesystem (dm-crypt, LVM, loop devices, aufs and any combination
>>> of them are supported)
>>
>> This might be useful for Tails' implementation of "wipe memory on
>> shutdown".
> I have Tails installed on a USB key; the "wipe memory on shutdown"
> seems to work well, without need of bilibop-common or whatever.

Nice to hear. However, we're generally happy to replace custom code
with some generic code maintained by others than us, who seem to be
experts in the specific area this code is about -- especially when our
own quick hack quickly shows its limits in unusual installations of
Tails. We try to cap our instance of the NIH syndrom to the
bare minimum.

>>> bilibop-rules: udev rules to fix the removable drive hosting the running
>>> system, and all its partitions, as members of the 'disk' group
>> I fail to understand how a drive can be a member of the 'disk' group.
>> Please enlighten me. (Being offline, I can't read the mentionned bug
>> right now, but still, the package description should make sense by
>> itself, without needing to access online resources.)
> Boot on Debian, plug a USB/FireWire drive (key or HDD) on, and execute
> 'ls -l /dev/sd*':
> You should see /dev/sda and its partitions as members of the 'disk' group
> (and maybe also /dev/sdb* if there is a second internal HDD).

Ah, you mean *owned* by the "disk" vs. "floppy" group.
Now (and now that I've read the referenced bug) it's perfectly clear :)
I don't think it's correct and clear to tell a drive is a "member" of
a group.

>>> (fixes bug #645466).

I think s/fixes/is a way to workaround/ would be more correct.
Unfortunately, #645466 is likely to remain unfixed even once bilibop
is in Debian :(

> For example, you told me about Tails. So, boot on it (the LiveUSB,
> of course) find the drive which your system is running from (here,
> we say /dev/sdb), and, as the normal user, just type 'shred -vzn0
> /dev/sdb'. Now your 'secured' system is lost.

Right. I'm glad we've learnt of this security issue. Thank you.
I've added it to our bug tracker:
https://tails.boum.org/bugs/writable_system_disk:_belongs_to_floppy_group/

Do you want to be credited for this discovery? (even if, formally
speaking, you did not report it to us: had I not read debian-devel,
I would probably not have learnt about it that soon, would I?)

> So, find the drive hosting the running system and protect it from
> user mistakes is what I call 'fix a security issue' or 'make the
> system more robust'.

Sure. I can't wait using it in Tails. Are there any difficulties you
think we may encounter in the process?

Please note that I did not mean to suggest bilibop does not fix
security issues or does not makes a system more robust: I was merely
pointing out that 1. the description was not explaining why and how
clearly enough to my taste; 2. I was interested and I wanted to know
more. Your reply looks like a good source of inspiration to make the
package description more thorough and precise.

>>> Other optional features for the desktop environment (based on
>>> Udisks).
>>
>> Such as?
> By setting:  [...] As said above, this is optional, and only for
> convenience: hide partitions, or show them with icons and/or names
> different than the defaults, or make the user able or not to mount
> them from the filemanager with or without su/sudo password. As said
> in the documentation of the package, all this can be bypassed with
> pmount(1). This is not a security layer.

Looks like this could be useful for Tails persistence feature :)

> You can download the source with:  dget -x
> http://mentors.debian.net/debian/pool/main/b/bilibop/bilibop_0.1.dsc

I'll have a look, hopefully in a few days. Don't hesitate pinging me
in two weeks if needed.

> I have send a RFS: #675532

I'll consider sponsoring this package. I expect my decision to be
mostly a function of whether there is some bilibop feature we can use
as is in Tails.

How much do you care about seeing bilibop shipped in Wheezy?
(I presume not much, else you would have posted this ITP quite sooner,
but who knows, I myself have not uploaded yet all new packages I want
to see in Wheezy -- the difference being I won't have to argue with
myself about packaging style and tools ;)

Cheers,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc

Reply to:

References:
- Bug#675467: ITP: bilibop -- run Debian from external media
  - From: bilibop project <quidame@poivron.org>
- Bug#675467: ITP: bilibop -- run Debian from external media
  - From: intrigeri <intrigeri@debian.org>
- Bug#675467: ITP: bilibop -- run Debian from external media
  - From: quidame@poivron.org

Prev by Date: Bug#675755: O: gregorio -- command-line tool to typeset Gregorian chant
Next by Date: Processed: tagging as pending bugs that are closed by packages in NEW
Previous by thread: Bug#675467: ITP: bilibop -- run Debian from external media
Next by thread: Bug#675467: ITP: bilibop -- run Debian from external media
Index(es):
- Date
- Thread