Re: Fwd: Re: F28 Self Contained Change: Thunderbolt Enablement

Hi Tom,

On Mon, 8 Jan, 2018 at 11:07 AM, Tom Hughes <tom@xxxxxxxxxx> wrote:
> On 08/01/18 09:59, Christian Kellner wrote:
>> The current design of how gnome-shell and boltd work together will avoid showing any prompts at all as long as a) the current user is an admin, b) she is logged in and c) the session is unlocked. We hope that this will take care of most situations where people plug in thunderbolt devices.
>
> I obviously misunderstood... I thought the whole point of the desktop bit was so it could prompt you when it saw a new device? Ideally I would have thought with the option to allow it once or permanently. If this is so potentially dangerous what's the logic behind going to all this trouble and then not actually asking the user?

Can I point you to the design document for answers to that question: https://wiki.gnome.org/Design/Whiteboards/ThunderboltAccess

Although I did not come up with the design myself, I do indeed agree that for most people "do you want to allow XXX to work" is not a meaningful question and the most likely thing happening is that people click yes no matter what. The main attack vector that is prevented by "all this trouble" is that someone plugs a malicious tb3 device into your computer to read all your main memory while you are away from the computer.

FWIW: I do intend to add a "paranoid" mode for people that know what they are doing and are maybe exposed to more security-relevant contexts; in such a mode we would indeed show a polkit dialog for all devices (https://github.com/gicmo/bolt/issues/14). But that will not be the default.

Cheers,
CK
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
