[SOLVED] Live CD

ophiry · 11-11-2009, 12:41 PM

Hi all.
I'm building a live CD (based on slax) which needs to block access to local hard drives.

slax has a boot option to disable hard drive detection, but this option is somewhat week - the hard drives appear in the KDE file manager, andthey can be accessed if mounted manually.

I'm looking for a more robust method.
any ideas?

my idea was to block the creation of sysfs entries for the hard drives - any pointers how to do this?

Ophir Yoktan

lewc · 11-11-2009, 03:42 PM

Actually it's much esier than this, you can just set the permissions to mount for only root or remove the ATA drivers from the kernel and re-compile, I would stick with restrict the mounting to root and set a random root password on every boot, it should be the fastest and easiest solution which also prevents sudo'ing and allows for you to use that root account to access the hard drives, why is it you do not want people accessing the HD's btw???

ophiry · 11-12-2009, 12:26 AM

Limiting mount permissions seems to solve part of the problem (this is what I do now)
However, the hard drive still appears in the konquerer file manager under the storage media section - which is undesirable as it gives the impression the hard drives are accessible.
do you think removing the ATA drivers will solve this? do you know how it's done? will it still allow cdrom and usb storage access?

another optin is thought of is somehow modifying the KDE kio_slaves, but i didn't found relevant information.

Ophir

lewc · 11-12-2009, 03:56 AM

well I'm not sure if KDE uses HAL or not for drives but if it does add a new .fdi file to hal reading

Code:

<?xml version="1.0" encoding="UTF-8"?> <!-- -*- SGML -*- --> 

<deviceinfo version="0.2">
<device>
  <match key="@block.storage_device:storage.hotpluggable" bool="false">
    <match key="@block.storage_device:storage.removable" bool="false">
      <merge key="volume.ignore" type="bool">true</merge>
    </match>
  </match>
</device>
</deviceinfo>

this also will not disable hotpluggable drives and I'm not sure if it will work with KDE because I don't use KDE.

There is another solution however, you could remove the fs drivers in the kernel which requires re-compiling and reconfiguring the kernel sources. It all seems like alot of work tbh, why do you need to hide drives?

ophiry · 11-12-2009, 01:25 PM

I tried this.

using hal-device I see that the device is marked volume.ignore=true.
However, it appears that konquerer ignores this.

as for the need - it's supposed to some kind of sand box live cd - so I want it to block access to the local hard drive to prevent potential damage.
The fact that the hard drives can be seen, even if they can't be mounted, is also problematic as users might not trust the system to be secure enough.

lewc · 11-12-2009, 05:38 PM

okay... which KDE are you using that you have konqueror, I was pretty sure Dolphin was now the standard but anywho, other solutions include, uninstall konqueror and dolphin and use nautillus this should solve all of your problems within the GUI, furthermore if you would like to block all devices and loose all your data when you reboot you can use

Code:

<?xml version="1.0" encoding="UTF-8"?> <!-- -*- SGML -*- --> 

<deviceinfo version="0.2">
<device>
  <match key="@block.storage_device" bool="true">
      <merge key="volume.ignore" type="bool">true</merge>
    </match>
  </match>
</device>
</deviceinfo>

this should work although it won't stop you e-mailing your data to yourself or ftp'ing it and you can be sure you definately won't injure your HD's, personally I'd just use more caution as i'm sure a shell script could still damage the drives

scourge99 · 11-12-2009, 06:38 PM

Quote:

Originally Posted by ophiry

Hi all.
I'm building a live CD (based on slax) which needs to block access to local hard drives.

slax has a boot option to disable hard drive detection, but this option is somewhat week - the hard drives appear in the KDE file manager, andthey can be accessed if mounted manually.

I'm looking for a more robust method.
any ideas?

my idea was to block the creation of sysfs entries for the hard drives - any pointers how to do this?

Ophir Yoktan

You can now buy hard drives that easily detach from outside the case. When you want to use your live CD simply remove it then replace when finished.

Also, a few hard drives have a physical write protection switch.

ophiry · 11-15-2009, 02:08 AM

Setting info.ignore to true in the preprobe hal rules solved the problem.

Thanks all.