Re: Concrete ideas for the December-March OPW?

From: Hans Petter Jansson <hpj copyleft no>
To: Christian Hergert <christian hergert me>
Cc: safety-list gnome org
Subject: Re: Concrete ideas for the December-March OPW?
Date: Thu, 30 Oct 2014 02:06:33 +0100

On Wed, 2014-10-29 at 14:29 -0700, Christian Hergert wrote:

Another problem is that some USB devices are simply attack devices. They
fake a vendor and product id to cause a specific kernel module to be
loaded which is exploitable.

I imagine in some cases, we want to prevent the driver itself from being
loaded. Is this something we can do? I'm not sure how we would determine
what that is, or if we have the hooks into the (Linux) kernel to be able
to do this.


Indeed. This idea hinges on being able to get some basic information on
the device without loading the driver for it. If we're unable to do
that, we need to see what can be done about it, or (in the interim)
revert to Tobias' initial idea of a somewhat cruder UI with a more
aggressive USB lockdown.

-- 
Hans Petter

References:
- Concrete ideas for the December-March OPW?
  - From: Federico Mena Quintero
- Re: Concrete ideas for the December-March OPW?
  - From: Tobias Mueller
- Re: Concrete ideas for the December-March OPW?
  - From: Hans Petter Jansson
- Re: Concrete ideas for the December-March OPW?
  - From: Tobias Mueller
- Re: Concrete ideas for the December-March OPW?
  - From: Hans Petter Jansson
- Re: Concrete ideas for the December-March OPW?
  - From: Christian Hergert

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]