Re: Fwd: Re: F28 Self Contained Change: Thunderbolt Enablement

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On Mon, 8 Jan, 2018 at 11:44 AM, Tom Hughes <tom@xxxxxxxxxx> wrote:
The only real concern then is that the implicit permanent authorisation of the device - that if you can once get an administrator to plug it in you can in future do so when they aren't present. So if I am J Evil Hacker and I can get you to connect to my projector at a conference then I can in future plug my Evil Memory Stealer device in that presents the same ID and hence gets accepted.

Yep, that is indeed tricky. The problem is, that J Evil Hacker build the Evil Memory Stealer in such a way that you have to authorize it to get a picture at all and the already super nervous Speaker (who was already a bit late and his talk is of course too long) just wants to get that ****** projector working NOW and so clicks YES YES YES on any dialog warning him. But you are of course right that this problem. For people who really care, the solution is to put the daemon in paranoid mode before going to untrusted environments. A better solution would be if we had a global status somewhere if we are in a safe or unsafe environment and honour that for thunderbolt and also usb etc. pp.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux