5

I have installed Tails on a USB flash drive and then booted my MacBook with it. I noticed that Tails was capable of seeing my MacBook's hard drive. Out of curiosity I tried to browse it.

Interestingly, I was able to enter /Users/myName and access all files within, except for a handful of folders: Desktop and Documents. Tails prompted me, saying that I didn't have permission for that.

Makes sense: I could very well be a random stranger trying to steal the files out of this computer. But it got me thinking: what exactly is stopping me from accessing such files?

As far as I am concerned, the Desktop and Documents folders or any other file on my MacBook's hard drive are not encrypted in any way. I'm no expert, but I doubt there is any sort of encryption protecting such files.

So I guess it is Tails itself. Is Tails deliberately thinking "oh boy this guy could be a random stranger, I better stop him", or is Tails actually trying to access such files but something is stopping it? If that is the case, what is it?

Naturally, the above raises the next question: is it possible to browse/access the files on a computer's hard drive by booting from an OS installed on a flash drive, such as Tails, effectively bypassing any sort of authentication?

Saturn

Nothing is stopping you. This is how you access files on a hard drive without booting the OS installed on it. The way to protect it is by using encryption. – ztk Aug 12 '15 at 21:32

2 Answers

6

In general, yes, booting from a flash drive gives you access to anything that's not encrypted.

In this specific case, Tails itself is stopping you. It's voluntarily respecting the permissions declared by the filesystem on the hard disk. This isn't intended to prevent you accessing private files though - it's simply a side effect of the fact that Tails, for security reasons, doesn't give you root access by default. You can lift this restriction by setting an administration password in the Tails startup dialog, then you should be able to access those files as root.

John Morahan
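
An added example, not part of the original answer: a Python model of the classic Unix permission check that a booted kernel applies to the mode bits and numeric owner IDs stored in the filesystem, showing why an unprivileged live user is refused on some folders while root is not. The UIDs (501 for the Mac account, 1000 for the Tails live user), group 20 and the directory modes are assumptions chosen to match the symptoms in the question, and the Public folder is constructed for contrast.

```python
import stat

ROOT_UID = 0
BITS = {"r": 4, "w": 2, "x": 1}

def may_access(mode, file_uid, file_gid, uid, gids, want):
    """Model of the classic Unix check; `want` is a subset of 'rwx'."""
    if uid == ROOT_UID:
        # root skips the mode bits, except that executing a regular file
        # still needs at least one execute bit to be set
        if "x" in want and not stat.S_ISDIR(mode):
            return bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
        return True
    # Exactly one class applies, chosen by numeric ID, never by user name
    if uid == file_uid:
        shift = 6          # owner bits
    elif file_gid in gids:
        shift = 3          # group bits
    else:
        shift = 0          # "other" bits
    granted = (mode >> shift) & 0o7
    needed = sum(BITS[c] for c in set(want))
    return granted & needed == needed

# Constructed sample of what the on-disk metadata might hold (assumed values):
# path -> (mode, owner uid, owner gid)
ENTRIES = {
    "/Users/myName":           (stat.S_IFDIR | 0o755, 501, 20),
    "/Users/myName/Desktop":   (stat.S_IFDIR | 0o700, 501, 20),
    "/Users/myName/Documents": (stat.S_IFDIR | 0o700, 501, 20),
    "/Users/myName/Public":    (stat.S_IFDIR | 0o755, 501, 20),
}

def browsable(uid, gids):
    """Listing a directory needs both read and search (x) permission."""
    return {path: may_access(mode, fu, fg, uid, gids, "rx")
            for path, (mode, fu, fg) in ENTRIES.items()}

if __name__ == "__main__":
    # Assumed callers: unprivileged live user (uid 1000) and root (uid 0)
    for label, uid, gids in (("live user", 1000, {1000}), ("root", 0, {0})):
        print(label)
        for path, ok in browsable(uid, gids).items():
            print(f"  {'allowed' if ok else 'denied ':7}  {path}")
```

Nothing in this check involves a secret: the data blocks are readable by any kernel that chooses to ignore the bits, which is why both answers point to encryption as the actual protection.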
4

OS access permissions of files at best prevent you from reading the files while that OS is running. Besides booting from a USB drive, you can also remove the drive and attach it to another computer as a data drive to access the files. The best means around this is to encrypt your data.

Note that some enterprises implement policies that are aimed at preventing bypassing the OS's security. That is one of the reasons that many companies implement policies that prevent booting from a USB drive. But even that is susceptible to having the drive removed and put into another computer.

Generally, you can't rely on software security without physical security. Consider the Android cold boot attack that can allow you to bypass encryption and screen lock under the right circumstances.

Neil Smithline