Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 8 Aug 2014 12:40:40 -0700
From: Greg KH <>
Subject: Re: BadUSB discussion

On Fri, Aug 08, 2014 at 10:27:16PM +0400, (GalaxyMaster) wrote:
> Alexey,
> On Fri, Aug 08, 2014 at 09:57:49PM +0400, wrote:
> > On 08-Aug-2014 09:21:02 -0700, Greg KH wrote:
> >  > That doesn't prevent any other USB HID device from being plugged
> >  > in and instantly working. Which again, you can prevent if you
> >  > want to, but no one seems to do that...
> > 
> > Hmmm... To avoid possible confusion: that was CONFIG_USB_KBD - 
> > "USB HIDBP Keyboard (simple Boot) support", and CONFIG_USB_HID
> > was turned off.
> I think Greg was referring to kernel's feature of controlling power on
> USB ports (e.g. you can just switch of power for a port and nothing you
> insert there will have a chance to work until you instruct the kernel to
> switch the port back on).

No, that is one option (note, it doesn't work for all hardware.)  I was
referring to the "authorized_default" option the USB core provides.  You
can set it to be:
	 0 - all devices plugged in are not authorized
	 1 - all devices are plugged in are automatically authorized
	-1 - all devices are plugged in are automatically authorized,
	     except for wireless USB devices, which have to be
	     explicitly authorized.

-1 is the default value.

If you set it to 0, you can look at the device, but no driver can bind
to it until you authorize it (through a sysfs file) and then it can work

Paranoid systems should set the default to 0.

The option can be changed while the kernel runs, good idea to use -1 as
a default, boot up, all needed devices are found, then set it to 0 so no
new device can be plugged in (watch out, if you unplug and then plug, it
will not work, so power spikes that cause devices to drop off the bus
and come back can be a pain.)


greg k-h

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.