picandies
Posts: 199
Joined: Wed Nov 26, 2014 5:13 pm

Controlling storage via python

Thu Feb 21, 2019 3:06 pm

I need to block use of usb memory sticks (flash sticks), so as to prevent Trojans, data theft, etc by unauthorized users. In my python program I have a password entry for only authorized users to turn on access to memory sticks so that they can use them for legit purposes. How do I actually turn on/off the access to the sticks using python 3.5? The user will only have access to the running program, so no worries that they will be able to input Linux commands themselves.

W. H. Heydt
Posts: 10890
Joined: Fri Mar 09, 2012 7:36 pm
Location: Vallejo, CA (US)

Re: Controlling storage via python

Thu Feb 21, 2019 3:39 pm

If the users have physical access to the Pi, they could just take the whole thing. They could also remove (or replace) the SD card and read it at their leisure, free of any software safeguards you have installed.

You need to re-think your entire security model.

picandies
Posts: 199
Joined: Wed Nov 26, 2014 5:13 pm

Re: Controlling storage via python

Thu Feb 21, 2019 5:17 pm

Let's stick to the question, please. This part of a machine, so it's not going anywhere. There is no internal access. It is not a high-security setup. However, the causal user should not be able to use a stick, unless the system give authorization to that person.

Andyroo
Posts: 4494
Joined: Sat Jun 16, 2018 12:49 am
Location: Lincs U.K.

Re: Controlling storage via python

Thu Feb 21, 2019 5:35 pm

You could try:

1) Limiting security on the /dev object for the USB stick
2) Creating rules for udev to limit access but I do not know if these are applied only at boot time or not https://hackaday.com/2009/09/18/how-to- ... dev-rules/

Take care though as you could lock the keyboard / mouse up as they will be USB connected :lol:
Need Pi spray - these things are breeding in my house...

picandies
Posts: 199
Joined: Wed Nov 26, 2014 5:13 pm

Re: Controlling storage via python

Thu Feb 21, 2019 5:48 pm

Thanks for the note about these rules.....however the python program need to turn the access on/off...would this change all flash sticks access (desired), from within python?

W. H. Heydt
Posts: 10890
Joined: Fri Mar 09, 2012 7:36 pm
Location: Vallejo, CA (US)

Re: Controlling storage via python

Thu Feb 21, 2019 6:07 pm

picandies wrote:
Thu Feb 21, 2019 5:17 pm
Let's stick to the question, please. This part of a machine, so it's not going anywhere. There is no internal access. It is not a high-security setup. However, the causal user should not be able to use a stick, unless the system give authorization to that person.
I think you mean that there is no *ex*ternal access...in which case, what is the actual problem? If the USB ports aren't exposed, then the user can't put anything in them.

picandies
Posts: 199
Joined: Wed Nov 26, 2014 5:13 pm

Re: Controlling storage via python

Thu Feb 21, 2019 11:16 pm

I think you mean that there is no *ex*ternal access...in which case, what is the actual problem

Why do you keep trying to change the question? ... As noted, the tech will be using the memory stick , once the password is accepted. How do you enable/disable the access in python 3.5?

Andyroo
Posts: 4494
Joined: Sat Jun 16, 2018 12:49 am
Location: Lincs U.K.

Re: Controlling storage via python

Thu Feb 21, 2019 11:27 pm

picandies wrote:
Thu Feb 21, 2019 5:48 pm
Thanks for the note about these rules.....however the python program need to turn the access on/off...would this change all flash sticks access (desired), from within python?
No idea to be honest as I’ve done very little with these rules - they are just plain text files so Python could write / rewrite them and then ‘udevadm control --reload‘ will handle the NEXT insert.

If the USB are ruled so as not to activate any auto run programs and you have no access to a command line without a password / user account then it matters not who opens the case and plugs a USB stick in.

If no one comes up with an answer I’d look at the udev functionality in Debian or the man udev on the Pi.
Need Pi spray - these things are breeding in my house...

picandies
Posts: 199
Joined: Wed Nov 26, 2014 5:13 pm

Re: Controlling storage via python

Fri Feb 22, 2019 10:24 am

If the USB are ruled so as not to activate any auto run programs and you have no access to a command line without a password / user account then it matters not who opens the case and plugs a USB stick in.
This has NOTHING to do with opening a case. The USB jack is right on the side of the unit. You type your access code into the screen app & then you should be able to use the memory stick as the app requires. If you don't run the app or don't have a code, then mem stick should not be able to do anything (whether you use the app or not).

Return to “Python”