On Du, 02 ian 22, 20:52:25, David Wright wrote: > On Fri 10 Dec 2021 at 17:20:52 (+0100), Andrei POPESCU wrote: > > On Lu, 06 dec 21, 10:18:49, David Wright wrote: > > > On Sun 05 Dec 2021 at 13:33:41 (+0100), Andrei POPESCU wrote: > > > > On Vi, 12 nov 21, 12:27:59, Stefan Monnier wrote: > > > > > > > > > > As mentioned, the way to control it will depend on the specific tool > > > > > used to mount. E.g. if it's mounted by hand via a rule in /etc/fstab, > > > > > then you can rules that specify the device via /etc/disk/by-uuid. > > > > > > > > > > Do note that partition UUIDs are not designed to be reliable w.r.t > > > > > malicious uses (it's easy to create a partition with the same UUID as > > > > > some other). > > > > > > > > /dev/disk/by-id/ should be device specific. > > > > > > It certainly is, but specific to the card reader reading it, > > > not the card. And that's whether the card is plugged into a > > > slot on the computer, or into a discrete SD/USB adapter. > > > > At least with the built-in reader on an Acer Chromebook R13 the ID > > changes with every card I tested, but you are indeed right about USB > > adapters (at least for the two I could test). > > I did some comparisons between machines, and it would appear that > when the link starts with /dev/disk/by-id/mmc- then the ID is > that of the card, whereas when it starts with /dev/disk/by-id/usb- > then the ID is that of the card reader. Note that I did all the > comparisons using fullsize SD cards pushed into slots in the PCs, > so there were no separate adapters involved, neither SD→USB, nor µSD→SD.
My guess is micro-SD to SD adapters are passive only (i.e. just connecting pin-to-pin as needed), so it shouldn't matter. For the OP's issue, it seems a possible solution would be to disallow any USB-to-SD adapters, and for the (hopefully few) users that really need to use SD cards to use MMC-style slots only. A less secure option would be to allow USB adapters only for a few select *trusted* users, with the understanding that they use "safe" SD cards only. Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser
signature.asc
Description: PGP signature
