The first half of the 4.17 merge window

Posted Apr 9, 2018 12:56 UTC (Mon) by cortana (subscriber, #24596)
In reply to: The first half of the 4.17 merge window by pizza
Parent article: The first half of the 4.17 merge window

Here's my suggestion for UI that will allow power users to confirm mounting without an annoying prompt that will turn off average users.

When you insert a disk, nautilus appears as normal (with the disk selected on the left-hand pane), but instead of the disk being mounted and the files displayed on the main pane, a prompt and button are displayed instead:

  +----------------------------------------------------+
  |            |                                       |
  | Recent     | Mount the device "USB disk"?          |
  | Home       |                                       |
  | Documents  | [x] Remember for this disk            |
  | Downloads  |                                       |
  | Music      | [Mount] [Eject]                       |
  | Pictures   |                                       |
  | Videos     |                                       |
  | Wastebasket|                                       |
  |            |                                       |
  +-USB-disk---+                                       |
  |            |                                       |
  |            |                                       |
  |            |                                       |
  |            |                                       |
  |            |                                       |
  |            |                                       |
  |            |                                       |
  +----------------------------------------------------+

The first half of the 4.17 merge window

Posted Apr 9, 2018 14:44 UTC (Mon) by jem (subscriber, #24231) [Link] (2 responses)

How do you define "this disk"? Is the disk the same after being reformatted? Is it regarded different after the file system has been doctored to exploit a vulnerability?

How do you know what the right answer (mount/eject) to the question is? If you have plugged it in, your intention was to use the disk. Why would you suddenly not want to use it after all?

The problem with removable storage is similar to running executables from an unknown source (except the storage problem is possibly worse, because the file system code is in the kernel). If the disk doesn't come from a trustworthy source, don't plug it in. Also, don't allow strangers to plug in disks at all on machines you are in charge of. I don't see the added value of asking "are you sure?"

The first half of the 4.17 merge window

Posted Apr 9, 2018 17:45 UTC (Mon) by droundy (subscriber, #4559) [Link] (1 responses)

I think the value of asking "are you sure?" is that the user might not have intended to plug in a disk. Perhaps I would like to allow someone to charge their phone using my computer, or I want to borrow a mouse, keyboard, or remote control for giving a presentation at a conference. In none of those cases would I be happy to have the device automatically mounted.

The first half of the 4.17 merge window

Posted Apr 10, 2018 10:25 UTC (Tue) by matthias (subscriber, #94967) [Link]

But you are happy to allow the kernel to automatically register a USB keyboard (or mouse) that can acknowledge the mount dialog? (or type rm -rf / from time to time to annoy terminal users)

Such a dialog would have to appear for every new device, not only mass storage. Furthermore, if you do not trust the device, you should not allow to register any component of the device. Which brings us back to square one: Why should you add a device that you do not trust? Ok, you could try to configure the keyboard (or mouse) that represents the presenter such that it can only forward inputs to the presentation software and not to some terminal or window manager. Is there anyone who really does this?

The bottom line is that you are usually doomed if you cannot trust the hardware that you are using, which is one of the reasons why Unix traditionally ultimately trusts any hardware.