[kde] [Bug 347463] New: Authorize newly connected USB devices

[Josef Kufner]

https://bugs.kde.org/show_bug.cgi?id=347463

            Bug ID: 347463
           Summary: Authorize newly connected USB devices
           Product: kde
           Version: unspecified
          Platform: unspecified
                OS: Linux
            Status: UNCONFIRMED
          Severity: wishlist
          Priority: NOR
         Component: general
          Assignee: unassigned-bugs at kde.org
          Reporter: jk at frozen-doe.net

To improve security against foreign devices connected to system without owner's
permission, KDE should ask whether or not allow unknown device. This can be
done using udev and 'authorized' attribute, or via
/sys/bus/usb/devices/*/authorized file.

Manual device authorization can prevent connecting hardware keyloggers or
malicious flash drives to temporairly unattended devices, when attacker is not
interrested in device itself but in user's data. Or at least make these attacks
much harder.

Of course this will require cooperation with some system services, but simple
udev connector should do the trick. Something like this (source:
https://www.abclinuxu.cz/blog/ucim_sa/2015/5/udev-nastaveni-povolenych-usb-zarizeni-whitelist#8):

    #Check USB HID devices
    ACTION=="add", ATTR{bInterfaceClass}=="03"
RUN+="/usr/lib/kde4/libexec/authorize-usb"

And the /usr/lib/kde4/libexec/authorize-usb would ask (via dbus or something)
currently logged in user to authorize the device.

This feature request originates from blog post at
https://www.abclinuxu.cz/blog/ucim_sa/2015/5/udev-nastaveni-povolenych-usb-zarizeni-whitelist
(czech; code listings should be understandable even without understanding the
text around).

Reproducible: Always

-- 
You are receiving this mail because:
You are the assignee for the bug.