How the system know a device is removable

olive · 2014-06-12 09:01:40

Something I find rather insecure is the way devices can be mounted by end user. In a usual configuration users are allowed to mount "removable" devices with a desktop application (that I believe use dbus). How the system does know a device is removable. I have not found any documentation on how to make a USB hard disk non removable.

It seems that in the usual configuration USB hard disk are "removable" while SATA disks are not. Yet both interfaces support about the same speed (if we use USB3) and it is entirely conceivable to have the main hard disk connected to USB. If you have a desktop computer, you can even connect your USB harddisk to a USB3 internal connector which will render the difference unnoticeable. If we think about it, usual Linux system are configured to make an essential difference in the security policy based on the physical form of the connector used to connect your hard disk; and that is quite weird. I do not think such confusing configuration can be considered secure if security is really important.

Last edited by olive (2014-06-12 09:02:01)

Lone_Wolf · 2014-06-12 13:52:53

Olive,

compare sata and usb standard defintions.
You will find that usb allows hotplugging (remove/insert devices while system is powered/running), and sata only allows coldplugging (removal / insertion is allowed only when system is powered down) .
Also, afaik linux has no way to determine whether you use internal or external usb connections.

a hypothetical example :

your cat wants to sit on desk.
The usb harddisk makes it feel uncomfortable, so it pushes it away making the usb harddisk loose connection.
As it happens, you were in the middle of upgrading and your main disk is now corrupted and the sytem doesn't even boot anymore.
With a sata disk that can't happen.

In short, with USB devices linux doesn't know when they will go missing, but they can go missing anytime.
Sata drives can only go missing due to a malfunction.

ninian · 2014-06-12 17:23:38

olive wrote:

How the system does know a device is removable.

Well, you can look at the boolean value of RM when you issue the command:

lsblk

But I have found this not to be reliable for some USB drives I have, so I also check the output from:

udevadm info --query=property --export --name=<device>

and note when ID_BUS='usb' instead of 'ata'.
To summarize in Bash:

[[ $RM != 1 && $ID_BUS != usb ]] && echo Not a removable drive

olive · 2014-06-13 06:14:53

Are you so sure SATA drive are not hot pluggable? I see information saying the contrary, for example here: http://wdc.custhelp.com/app/answers/det … ata-drives. If you look on the web you will even see adapters that allow you to plug your SATA drive on a USB port (Google USB to SATA). Such hard disks presumably become removable?

But I was mainly referring for the permission of an ordinary user to mount a USB drive and I have had the problem for a Linux distribution that I had installed on a external USB hard drive; I found that an ordinary user could mount partitions on that disk (they may even be auto-mounted in some configuration).

But my main question is: is that possible to configure Linux to make a USB hard disk non removable? The way it is decided is unclear. Where is this notion of "removable" defined? Is it possible to configure what is "removable"?

ninian partially answered my question pointing me a command (lsblk) that shows me what is removable. But as he says it is not completely reliable. I am afraid that permission which are granted to local user to mount "removable" disks are not either. I am still looking for a way to configure what is removable and what is not.

Last edited by olive (2014-06-13 06:23:09)

Gusar · 2014-06-13 08:08:08

olive wrote:

is that possible to configure Linux to make a USB hard disk non removable?

Wrong question. The correct one is: Can I configure the system to prevent ordinary users from u/mounting partitions on a particular device (or on all devices)? And the answer is "yes". You'll have to dig through polkit documentation and then create appropriate policies. Which may or may not be easy, polkit's javascript-based policy configuration is very powerful, but also quite complicated.

olive · 2014-06-13 08:28:02

Gusar wrote:

olive wrote:
is that possible to configure Linux to make a USB hard disk non removable?
Wrong question. The correct one is: Can I configure the system to prevent ordinary users from u/mounting partitions on a particular device (or on all devices)? And the answer is "yes". You'll have to dig through polkit documentation and then create appropriate policies. Which may or may not be easy, polkit's javascript-based policy configuration is very powerful, but also quite complicated.

What you say make sense. But having security based on such obscure things does not seem secure at all. The web is full of users that have problems with it, usually they are not authorized to do things that they should do. They are surely tons of things you can do that you shouldn't (but they are less likely to be noticed). I guess that if you have a server, the best is to disable polkit completely. Is that even possible?

By the way my initial question still make sense. Suppose that you have connected your hard disk on an internal USB port. Then this disk should be considered non removable and be treated as such for everything. In this case this is exactly that: an non removable disk. Trying to emulate the behavior of a non removable disk for a disk that is still considered removable seems not very clean and error prone.

Last edited by olive (2014-06-13 08:39:31)

mhogomchungu · 2014-06-13 12:26:52

olive wrote:

By the way my initial question still make sense. Suppose that you have connected your hard disk on an internal USB port. Then this disk should be considered non removable and be treated as such for everything. In this case this is exactly that: an non removable disk. Trying to emulate the behavior of a non removable disk for a disk that is still considered removable seems not very clean and error prone.

Let say you are the person responsible for making a decision of what volume is an internal one and what volume is not, how would you decide?

All you see is 4 usb ports and you cant tell which one is accessible only from within the computer and hence a case has to be opened for the port to be accessed(quoted scenario) or the port is externally exposed and a user can plug in and out a usb device at will.Usb ports do not carry useful information in this regard and hence what hard drive is connected in what usb port is not useful information in making the decision.

Suppose now you decide to ask the disk itself if its removable or not.Your usb stick will probably say it is not,your sata drive in an enclosure will probably say it is removable since the drive can be removed from its en closer.Here,you should see a distinction need to be made between "removable" and "hot swappable".

A usb stick is non removable but hot swappable

A sata drive in an enclosure will make the sata drive "removable".The sata drive will be "hot swappable" if the enclosure is connected to the computer through a externally exposed usb port and the sata drive will not be "hot swappable" if the enclosure is connected through internally exposed usb port.

The above should show that asking the drive itself will not work in all circumstances as the drive could give misleading information.
The above should show that there is no "bullet proof" way to solve this.

I have a project called zuluCrypt[1] and i have looked at this problem extensively and it is not an easy problem to solve and a user will have to intervene sooner or later.udev has a hack somewhere that allows a user to specify what usb port is externally visible and what is not.My solution is the user maintained volume lists discussed below.

In my project,i came up with a concept of "system volume" and "non system volume".

I defined a "system volume" as a volume that has an entry in "/etc/fstab","/etc/crypttab","/etc/zuluCrypt/system_volumes.list" or if udev identify the volume as system if udev support is enabled.

i defined a "non system volume" as a volume that fail in the above criteria or if it has an entry in "/etc/zuluCrypt/nonsystem_volumes.list".

You know your computer best,the best way to solve the problem using udev is to look for the udev usb port hack and tell udev what usb port is externally accessible and what is not.This should make it easy for udev to make predictable decisions that agrees with your computer setup

[1] https://code.google.com/p/zulucrypt/

Lone_Wolf · 2014-06-13 13:01:54

Are you so sure SATA drive are not hot pluggable? I see information saying the contrary, for example here: http://wdc.custhelp.com/app/answers/det … ata-drives. If you look on the web you will even see adapters that allow you to plug your SATA drive on a USB port (Google USB to SATA). Such hard disks presumably become removable?

You are right, technically sata drives are hot-pluggable.
Whether hotplugging will work however depends on the other hardware (motherboard , sata controller and such) supporting hotplugging.

disabling polkit : it's mostly used by WM/DE, so it would be possible to not install it.
But polkit is not low level security, i think that's taken care of by pam .

By the way my initial question still make sense. Suppose that you have connected your hard disk on an internal USB port. Then this disk should be considered non removable and be treated as such for everything. In this case this is exactly that: an non removable disk. Trying to emulate the behavior of a non removable disk for a disk that is still considered removable seems not very clean and error prone.

Historically PCs started with floppydrives and harddrives.
floppydrive medium could be changed on the fly , non of the early PC harddrive standards (MFM, IDE) supported this.
(Don't know if early SCSI versions supported hotplugging).

Later we got optical drives that used IDE / SCSI bus, so bus did no longer tell whether a device was removable or not.
Then we got USB, Sata, eSata etc .
OSes then divided harddrives in 2 types : internal and external
Internal drives are still considered non-removable.
USB drives have always been treated as external drives.

Gusar · 2014-06-13 13:05:35

olive wrote:

But having security based on such obscure things does not seem secure at all.

Well, it's not actually obscure, everything is documented. It's just that the syntax is quite "blah", considering it's javascript.

olive wrote:

Suppose that you have connected your hard disk on an internal USB port. Then this disk should be considered non removable and be treated as such for everything.

That seems like a very uncommon scenario to me, why would you put an USB disk *inside* a machine? But even so, see bellow.

olive wrote:

Trying to emulate the behavior of a non removable disk for a disk that is still considered removable seems not very clean and error prone.

You're still thinking in wrong terms. It's not "removable" vs "non-removable". It's "user is allowed to poke this device" vs "user is not allowed to poke this device". The defaults are what they are, described in polkit action files shipped by the distro (in this case, the udisks2 package). If you want different behavior, you'll have to write appropriate polkit rules that do what you want.

I did some work for you, here's a (not tested) rule that says you need to specify the root password for all removable devices, save it as /etc/polkit-1/rules.d/10-mount.rules:

polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.udisks2.filesystem-mount") {
        return polkit.Result.AUTH_ADMIN_KEEP;
    }
});

How to limit this to a specific removable device is an exercise left to you (I found it in online documentation).

alphaniner · 2014-06-13 13:41:28

Re: SATA and hot-plugging

Edit: Wikipedia says it better than I could.

Last edited by alphaniner (2014-06-13 13:45:00)

olive · 2014-06-13 14:15:14

Gusar wrote:

olive wrote:
Suppose that you have connected your hard disk on an internal USB port. Then this disk should be considered non removable and be treated as such for everything.
That seems like a very uncommon scenario to me, why would you put an USB disk *inside* a machine? But even so, see bellow.

My machine (very common ASUS mother board has only one SATA supporting 6Gb/s, the other are limited to 3Gb/s; USB3 has a transfer rate of 5Gb/s which is faster that the other SATA. Moreover, I can ask the question the other way around: why would you prefer a SATA drive inside the machine? USB3 is just as cheap and as fast. Moreover it make it easier to transfer the data to another machine in case of a hardware failure (because USB3 is easily available on every computer, including laptops). I do not see any advantage of SATA anymore; expect that some proprietary OS refuse to run on them.

Last edited by olive (2014-06-13 14:16:31)

alphaniner · 2014-06-13 14:26:52

AFAIK there is really no such thing as a USB hard drive; you have SATA or PATA HDDs with USB adapters. So why buy an adapter/enclosure meant for external use if you're going to use it internally?

More importantly though, if a SATA drive is adapted to USB I think you lose access to NCQ and trim.

Last edited by alphaniner (2014-06-13 14:27:58)

Gusar · 2014-06-13 14:35:02

olive wrote:

why would you prefer a SATA drive inside the machine?

Because that's simply how machines are built: the insides have a cage to screw in "bare" disks which connect to SATA, the outsides have USB ports where you connect disks that are in an enclosure. There's nothing particularly wrong in doing it differently, as long as it works for you. It's just very uncommon, and hence the default udisks config doesn't accommodate such a scenario. It can't accommodate it, how could it possibly know your USB disk is actually inside the machine.

BTW, you're citing theoretical speeds, which are far from practical ones (especially when it comes to USB), have you measured actual transfer rates of your disks? I can tell you that my internal SATA II (3 GB/s) disk reaches transfer rates of around 110 MB/s, while my external USB3 disk reaches around 105 MB/s. So theoretical speeds don't mean much, other factors are more relevant.

rune0077 · 2014-06-13 17:27:57

Gusar wrote:

olive wrote:
why would you prefer a SATA drive inside the machine?
Because that's simply how machines are built: the insides have a cage to screw in "bare" disks which connect to SATA, the outsides have USB ports where you connect disks that are in an enclosure. There's nothing particularly wrong in doing it differently, as long as it works for you. It's just very uncommon, and hence the default udisks config doesn't accommodate such a scenario. It can't accommodate it, how could it possibly know your USB disk is actually inside the machine.
BTW, you're citing theoretical speeds, which are far from practical ones (especially when it comes to USB), have you measured actual transfer rates of your disks? I can tell you that my internal SATA II (3 GB/s) disk reaches transfer rates of around 110 MB/s, while my external USB3 disk reaches around 105 MB/s. So theoretical speeds don't mean much, other factors are more relevant.

The outsides usually have SATA connectors as well (eSATA).

Regarding transfer speeds, when using USB3, SATA or thunderbolt, the RPM of your drive will always be the bottleneck. You'll achieve much the same transfer speeds on standard 7200 RPM drives with all of these connections because your drive can't keep up with the maximum transfer speed anyway. If you're using an SSD though, you'll start seeing speed diferences.

Arch Linux

#1 2014-06-12 09:01:40

How the system know a device is removable

#2 2014-06-12 13:52:53

Re: How the system know a device is removable

#3 2014-06-12 17:23:38

Re: How the system know a device is removable

#4 2014-06-13 06:14:53

Re: How the system know a device is removable

#5 2014-06-13 08:08:08

Re: How the system know a device is removable

#6 2014-06-13 08:28:02

Re: How the system know a device is removable

#7 2014-06-13 12:26:52

Re: How the system know a device is removable

#8 2014-06-13 13:01:54

Re: How the system know a device is removable

#9 2014-06-13 13:05:35

Re: How the system know a device is removable

#10 2014-06-13 13:41:28

Re: How the system know a device is removable

#11 2014-06-13 14:15:14

Re: How the system know a device is removable

#12 2014-06-13 14:26:52

Re: How the system know a device is removable

#13 2014-06-13 14:35:02

Re: How the system know a device is removable

#14 2014-06-13 17:27:57

Re: How the system know a device is removable

Board footer