Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 12 Jun 2017 19:35:06 +0200
From: Krzysztof Opasiak <k.opasiak@...sung.com>
To: Salvatore Mesoraca <s.mesoraca16@...il.com>,
	linux-kernel@...r.kernel.org
Cc: linux-security-module@...r.kernel.org,
	kernel-hardening@...ts.openwall.com, Brad Spengler <spender@...ecurity.net>,
	PaX Team <pageexec@...email.hu>, Casey Schaufler <casey@...aufler-ca.com>,
	Kees Cook <keescook@...omium.org>, James Morris <james.l.morris@...cle.com>,
	"Serge E. Hallyn" <serge@...lyn.com>, linux-usb@...r.kernel.org, Greg
	Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: [PATCH 03/11] Creation of "usb_device_auth" LSM hook

Hi,

On 06/12/2017 06:56 PM, Salvatore Mesoraca wrote:
> Creation of a new LSM hook that can be used to authorize or deauthorize
> new USB devices via the usb authorization interface.
> The same hook can also prevent the authorization of a USB device via
> "/sys/bus/usb/devices/DEVICE/authorized".
> Using this hook an LSM could provide an higher level of granularity
> than the current authorization interface.
>

Could you please explain me why we need LSM for this?

There are tools like usbguard[1] and as far as I can tell it looks like 
they can do everything for you...
Without kernel modification...
without matching and storing rules inside kernel..
just pure userspace which uses device/interface authorization

Footnote:
1 - https://dkopecek.github.io/usbguard/

Best regards,
-- 
Krzysztof Opasiak
Samsung R&D Institute Poland
Samsung Electronics

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.