On 08/01/18 10:23, Christian Kellner wrote:
> Hi Tom,
>
> On Mon, 8 Jan, 2018 at 11:07 AM, Tom Hughes <tom@xxxxxxxxxx> wrote:
>> On 08/01/18 09:59, Christian Kellner wrote:
>>> The current design of how gnome-shell and boltd work together will
>>> avoid showing any prompts at all as long as a) the current user
>>> is an admin, b) she is logged in and c) the session is unlocked.
>>> We hope that this will take care of most situations where people
>>> plug in Thunderbolt devices.
>>
>> I obviously misunderstood... I thought the whole point of the desktop
>> bit was so it could prompt you when it saw a new device? Ideally I
>> would have thought with the option to allow it once or permanently. If
>> this is so potentially dangerous what's the logic behind going to all
>> this trouble and then not actually asking the user?
>
> Can I point you to the design document for answers to that question:
> https://wiki.gnome.org/Design/Whiteboards/ThunderboltAccess
>
> Although I did not come up with the design myself, I do indeed agree
> that for most people "do you want to allow XXX to work" is not a
> meaningful question and the most likely thing happening is that people
> click yes no matter what. The main attack vector that is prevented by
> "all this trouble" is that someone plugs in a malicious tb3 device into
> your computer to read all your main memory while you are away from the
> computer.

I guess that does make reasonable sense if the model is that for an
unlocked machine with an administrator logged in that user is physically
present to observe anything being plugged in.

The only real concern then is the implicit permanent authorisation
of the device - that if you can once get an administrator to plug it in
you can in future do so when they aren't present.

So if I am J Evil Hacker and I can get you to connect to my projector at
a conference then I can in future plug my Evil Memory Stealer device in
that presents the same ID and hence gets accepted.

Tom
--
Tom Hughes (tom@xxxxxxxxxx)
http://compton.nu/