• 0 Posts
  • 5 Comments
Joined 2 years ago
cake
Cake day: July 2nd, 2023

help-circle
  • If you’re worried enough to encrypt the drive, you shouldn’t be auto mounting it.

    This really depends on your threat model. If you are only concerned about the drive getting stolen, or wanting to keep the data on it private if you need to RMA the drive, mounting it automatically on boot with a key stored on the rootfs can be perfectly fine. If you are a journalist in a hostile country and protecting your sources from state level actors is a matter of life and death, then yeah, this would be woefully insufficient.





  • Well, for one, it’s network attached storage. If it’s not present in the network for one reason or another, guess what, your OS doesn’t boot… or it errors during boot, depending on how the kernel was compiled and what switches your bootloader sends to the kernel during boot.

    Just use nofail in the fstab.

    Second, this is an easy way for malware to spread, especially if it’s set to run after user logon.

    If your fileshare is accessible to you, it is also accessible to malware running as your user. Mounting the share via a filemanager doesn’t change this.