> On 10 Jan 2016, at 00:01, intrigeri <intrig...@boum.org> wrote: > > In Tails, we also directly access the block device as the amnesia > user, since > /etc/udev/rules.d/99-make-removable-devices-user-writable.rules allows > us to do that.
Ah, this could be the game changer. I'll look into that and see if it gives me the powers I need to avoid setuid (which is the source of all the problems). > On Debian/Ubuntu, we are more limited so we use some operations that > require administrator credentials: > > * opening the block device with udisks2, to get a filehandle for > writing the MBR; > * running syslinux as root, using pkexec. >From what little I know of policykit, the same security caveats as setuid >would usually apply...? Thanks! A _______________________________________________ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.