On 2023-07-22 08:54:59 +0100 (+0100), Matthew Garrett wrote: [...] > When is a user going to plug in a USB stick and *not* click that > button? I'm not analysing a filesystem by hand to check whether > it's trustworthy before I want it mounted. There's no reason to > automount when the screen is locked and presenting a dialog in the > case where one was plugged in and then the screen unlocked is > reasonable, but that just makes no sense as generic behaviour.
When the user has plugged in something that they don't realize contains a USB storage device, perhaps because it's attached to an internal hub within a device which has other purposes. I've read about unsuspecting users buying/borrowing USB chargers and cables which contain malicious widgets designed to backdoor systems. Maybe it's urban legend because I don't personally know anyone who's said they've had machines compromised that way, and most probably target Windows/iOS/Android anyway even if they are in circulation, but since the majority of my portable computing devices charge over USB these days I try to be conscious of it and never plug into the "convenient" charging ports supplied in airports, airplanes, hotel rooms, conference rooms... I just bring my own chargers with me. Also, while the risks of hacked USB devices isn't limited to exploiting filesystem drivers (backdoored keyboards apparently also exist, for example), I tend to not configure hotplug automounting more for preference of having direct control over the system's behavior. I would much rather explicitly call the mount command and be able to decide where in the file tree it gets added, on the rare occasion that I do actually need to plug in a storage peripheral for some reason. I get that I'm probably an exception, but there are definitely users who simply find automounting behavior annoying, beyond any potential security concerns. -- Jeremy Stanley
signature.asc
Description: PGP signature
