On Fri, Oct 12, 2012 at 06:15:07PM -0700, Steve Weis wrote: > Hi. I booted Tails' latest release and was able to scrape memory contents > via FireWire. All the necessary firewire modules are enabled by default and > Inception worked out of the box. This would let someone root a machine > through, say, a daisy chained thunderbolt monitor. > > I'd either remove support from the kernel, blacklist the modules in > modprobe, or disable support with a boot param.
We can't just do that. Tails is also meant to be a safe environment to produce sensitive documents. Being able to retrieve a video from a DV camera, edit it and send it online is a use case Tails should support. From the recent discussions regarding ExpressCards and the likes, it looks like we are moving to a common pattern of "you have 5 minutes to plug things on those ports that can be dangerous, otherwise, they will be disabled". This should work for FireWire too, even if it feels more cumbersome to me than for an expansion card. -- Ague
pgp4q3EidLIt5.pgp
Description: PGP signature
_______________________________________________ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev