Non-automounted filesystems are ignored #16
Description
usb-canary only monitors what psutil considers "physical", mounted partitions. This means any attached device that does not automount while usb-canary is active (e.g. while the screen is locked) will not be caught.
- Feature Request
- Bug Report
Expected Behavior
Consider the following setup: There is a laptop, with usb-canary configured to monitor while the screen is locked. Automounting is disabled. The user locks the screen, goes away. During her absence, a coworker of her goes near the laptop and finds a USB stick lying on the ground. Thinking the USB stick fell out, she picks it up and plugs it in. Later, the user returns to unlock her laptop. At this point, usb-canary will not have picked up on the additional device since it is not mounted yet. However, now that the laptop is unlocked, she or some automatism might inadvertently mount the filesystem of the usb stick.
Current Behavior
usb-canary does not pick up on the new device absent automounting.
Possible Solution
Monitor physical block devices, or even better, monitor physical USB devices instead of mounted partitions.
Steps to Reproduce (for bugs)
Context
usb-canary at least on first glance looks like a security tool. Thus it should be secure.
Your Environment
I'm no mac expert, but this issue will very likely persist on mac since this "list only mounted filesystems thing" is the documented behavior of psutil's list_partitions.