Bug#788662: Logged-in user no longer granted permission to removable disks

Mon Jan 18 22:45:17 GMT 2021

On Thu, Jan 14, 2021 at 03:13:31PM +0100, Michael Biebl wrote:
> Hi Josh
> 
> Am 15.06.15 um 17:56 schrieb Josh Triplett:
> > On Mon, Jun 15, 2015 at 12:36:45PM +0200, Michael Biebl wrote:
> > > Am 15.06.2015 um 07:34 schrieb Martin Pitt:
> > > > Hey Josh,
> > > > 
> > > > Josh Triplett [2015-06-13 16:23 -0700]:
> > > > > I plugged in a removable USB disk, and its devices showed up as root:disk 0660,
> > > > > with no ACLs.  Normally, I'd expect removable USB disks to grant
> > > > > read/write permission to the logged-in user.
> > > > > ~$ ls -l /dev/sdb*
> > > > > brw-rw---- 1 root disk 8, 16 Jun 13 16:17 /dev/sdb
> > > > > brw-rw---- 1 root disk 8, 17 Jun 13 16:17 /dev/sdb1
> > > > 
> > > > That's expected. As Michael already said, we never explicitly granted
> > > > user access to device nodes. Maybe in the past some devices got that
> > > > through specific group membership, or you had some custom udev rules
> > > > to do that; but throughout the history of pmount, hal, consolekit,
> > > > udev etc. in Debian the device nodes themselves weren't user
> > > > accessible in general. The main exception there that I remember is
> > > > Fedora's/Red Hat's ancient console_helper (or something similar) which
> > > > actually changed the device nodes themselves. But that was some decade
> > > > ago already..
> > > 
> > > I checked wheezy, and it had the following rules:
> > > 91-permissions: SUBSYSTEM=="block", ATTRS{removable}=="1", GROUP="floppy"
> > > 91-permissions: SUBSYSTEM=="block", SUBSYSTEMS=="usb|ieee1394|mmc|pcmcia", GROUP="floppy"
> > > 
> > > See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751892
> > > 
> > > Maybe we should merge those two bug reports?
> > 
> > Merging them seems fine, but I do think this functionality from wheezy
> > should be restored.  Not using the "floppy" group or any static group,
> > but using the uaccess mechanism.
> > 
> > Either that, or there should be a NEWS.Debian entry somewhere
> > documenting that direct device access by users was removed and won't
> > come back for security reasons.  But I don't see an obvious reason why
> > removable USB disk devices should not be accessible to users.
> 
> I'm looking at older bug reports and I'm wondering what to do about this
> one. I guess the time for a NEWS entry has passed.
> Regarding granting access to "removable" media write access via uaccess, I'm
> not strictly against that, I just would prefer this to happen and be
> implemented upstream. One problematic issue I can imagine is that it's not
> trivial to reliably determine whether a disk is really removable or not.
> That said, if you are still interested, would you mind filing an upstream
> bug report at https://github.com/systemd/systemd/issues.

Filed upstream as https://github.com/systemd/systemd/issues/18304 .

Thank you again for all your work on systemd and udev, including triage!