On Tue, 22 Nov 2016 13:00:19 +0100 Jeandet Alexis <alexis.jeandet@xxxxxxxxxxxxxx> wrote: > Le mardi 22 novembre 2016 à 10:43 +0000, jharbold@xxxxxxxxxxx a > écrit : > > I have opened a bug, 1396837, in the Red Hat Bugzilla. > > My suggestion is for all USB port to not enumerate any devices > > plugged in while the screen is locked, even if it is password > > protected. I feel that the integrity of Linux has to be defended > > against this hybrid attack. > What about Yubikey and equivalents? You might want to take a look at the 'usbguard' package. I don't think everyone is likely to be happy to disable usb when screens are locked, as there's a number of cases of things people might want to keep going in that case. However, if you use usbguard you can just allow those specific devices you want to have access. kevin
Attachment:
pgpBhJNfpXqsE.pgp
Description: OpenPGP digital signature
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
