Re: Fwd: Re: F28 Self Contained Change: Thunderbolt Enablement

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 08/01/18 10:23, Christian Kellner wrote:

Hi Tom,

On Mon, 8 Jan, 2018 at 11:07 AM, Tom Hughes <tom@xxxxxxxxxx> wrote:

On 08/01/18 09:59, Christian Kellner wrote:

    The current design how gnome-shell and boltd work together will
    avoid showing any prompts at all as long as a) the current user
    is an admin, b) she is logged in and c) the session is unlocked.
    We hope that this will take care of most situations where people
plug in thunderbolt devices. I obviously misunderstood... I thought the whole point of the desktop bit was so it could prompt you when it saw a new device? Ideally I would have though with the option to allow it once or permanently. If this is so potentially dangerous what's the logic behind going to all this trouble and then not actually asking the user?
Can I point you to the design document for answers to that question: https://wiki.gnome.org/Design/Whiteboards/ThunderboltAccess
Although I did not come up with the design myself, I do indeed agree that for most people "do you want to allow XXX to work" is not a meaningful question and the most likely thing happening is that people click yes not matter what. The main attack vector that is prevented but "all this trouble" is that someone plugs in a malicious tb3 device into your computer to read all your main memory while you are away from the computer.
I guess that does make reasonable sense if the model is that for an unlocked machine with an administrator logged in that user is physically present to observe anything being plugged in.
The only real concern then is that the implicit permanent authorisation of the device - that if you can once get an administrator to plug it in you can in future do so when they aren't present.
So if I am J Evil Hacker and I can get you to connect to my projector at a conference then I can in future plug my Evil Memory Stealer device in that presents the same ID and hence gets accepted. 

Tom

--
Tom Hughes (tom@xxxxxxxxxx)
http://compton.nu/
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux