Maybe there is no auto mounting by default anyhow.
Description
Description
Details
Details
- Impact
- Normal
Event Timeline
Comment Actions
Automounting can be configured in /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/thunar-volman.conf
The property "automount-media" should have the value "false".
It looks like these are disabled by default in Whonix. I've only tested this from the CLI version and installed xfce manually. The ordinary xfce version may be different.
Comment Actions
Debian buster package thunar-volman (thunar-volman-0.9.1) contains a file debian/thunar-volman.xml
file debian/install contains
debian/thunar-volman.xml /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/
.
dpkg -S /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/thunar-volman.xml
thunar-volman: /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/thunar-volman.xml
<?xml version="1.0" encoding="UTF-8"?>
<channel name="thunar-volman" version="1.0">
<property name="automount-media" type="empty">
<property name="enabled" type="bool" value="false"/>
</property>
<property name="automount-drives" type="empty">
<property name="enabled" type="bool" value="false"/>
</property>
<property name="autobrowse" type="empty">
<property name="enabled" type="bool" value="false"/>
</property>
<property name="autoopen" type="empty">
<property name="enabled" type="bool" value="false"/>
</property>
</channel>FYI: There is file [/etc/skel/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml](https://github.com/Whonix/security-misc/blob/master/etc/skel/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml) as part of security-misc package.
See also:
https://forums.whonix.org/t/whonix-xfce-development/6213/83
thunar-volman has a ton of auto something features. It may or may not be the case that these are enabled by default. I enabled them all manually to make the point.
cat xfconf/xfce-perchannel-xml/thunar-volman.xml
<?xml version="1.0" encoding="UTF-8"?>
<channel name="thunar-volman" version="1.0">
<property name="automount-media" type="empty">
<property name="enabled" type="bool" value="true"/>
</property>
<property name="automount-drives" type="empty">
<property name="enabled" type="bool" value="true"/>
</property>
<property name="autobrowse" type="empty">
<property name="enabled" type="bool" value="true"/>
</property>
<property name="autoopen" type="empty">
<property name="enabled" type="bool" value="true"/>
</property>
<property name="autorun" type="empty">
<property name="enabled" type="bool" value="true"/>
</property>
<property name="autoburn" type="empty">
<property name="enabled" type="bool" value="false"/>
</property>
<property name="autoplay-audio-cds" type="empty">
<property name="enabled" type="bool" value="true"/>
</property>
<property name="autoplay-video-cds" type="empty">
<property name="enabled" type="bool" value="true"/>
</property>
<property name="autoipod" type="empty">
<property name="enabled" type="bool" value="true"/>
</property>
<property name="autophoto" type="empty">
<property name="enabled" type="bool" value="true"/>
</property>
<property name="autoprinter" type="empty">
<property name="enabled" type="bool" value="true"/>
</property>
<property name="autokeyboard" type="empty">
<property name="enabled" type="bool" value="true"/>
</property>
<property name="automouse" type="empty">
<property name="enabled" type="bool" value="true"/>
</property>
<property name="autotablet" type="empty">
<property name="enabled" type="bool" value="true"/>
</property>
</channel>Can you see from thunar-volman source code where defaults are configured? Would be good to watch for future versions.
I think by disabling thunar-volman in thunar settings, we automatically get rid of any thunar-volman auto mounting. Done that. (Following commit not yet tested.) Good to have as safeguard.
https://github.com/Whonix/security-misc/commit/b00a264ce27c48584879d85275a3fa3f19030906
What do you think?
Comment Actions
Can you see from thunar-volman source code where defaults are configured? Would be good to watch for future versions.
debian/thunar-volman.xml has all the default settings for auto-mounting if that's what you mean.
What do you think?
All the auto stuff should probably be disabled. Disabling volman altogether should disable these anyway but it'd be good to disable individual settings just in case.
Maybe add /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/thunar-volman.conf to security-misc with all the auto-mounting disabled.
Comment Actions
madaidan (madaidan):
madaidan added a comment.
> Can you see from thunar-volman source code where defaults are configured? Would be good to watch for future versions. debian/thunar-volman.xml has all the default settings for auto-mounting if that's what you mean.
No, I mean the upstream repository thunar-volman by XFCE developers.
> What do you think? All the auto stuff should probably be disabled.
Even if these are disabled by default? The reasoning being, they're
disabled by default now, but we don't know about the future?
Maybe add /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/thunar-volman.conf to security-misc with all the auto-mounting disabled.
It would require config-package-dev displace (used elsewhere in
packages by Whonix) to take over package ownership of that file since
that file is already owned by Debian thunar-volman package. I am
wondering if that effort is justified.
Comment Actions
No, I mean the upstream repository thunar-volman by XFCE developers.
It looks like they're configured in thunar-volman-settings/tvm-preferences-dialog.c.
https://git.xfce.org/xfce/thunar-volman/tree/thunar-volman-settings/tvm-preferences-dialog.c
Do a ctrl + f for "auto". It looks like it enables some.
There isn't an actual configuration file. Just code.
Even if these are disabled by default? The reasoning being, they're
disabled by default now, but we don't know about the future?
Yes. It's better to be prepared, just incase.
I am wondering if that effort is justified.
I say it's justified. We probably won't know if the defaults are ever changed so it's better to make sure it wont affect us anyway.