On 06.12.19 at 00:33, John M. Harris Jr wrote:
>
>> Uh, locking down USB like that doesn't really work. USB has no
>> mechanism for recognizing devices securely, which means any whitelist
>> is pointless because any device can claim to be whatever it wants to
>> be. (And yes, it would be great if we could be a bit more secure
>> there, but it's an orthogonal problem)
> Well, that's not entirely true. For example, while devices could easily give a
> false VID and PID, even just limiting that would be a useful feature, because
> it'd limit the USB functionality of the system (only the modules Linux maps
> those VID/PID combos to would be available).
>

If you just go and buy some cheap USB drives from a single seller, you can end up with the same serial numbers on several drives, and I'm not surprised if they also clone any other IDs.

I think a "we do our best" approach is really better here than doing nothing at all.

If possible, powering down the USB connectors when they are not in use would be a good idea. That still does not protect from destructive fake USB devices, but simply inserting something in an open port would not work anymore.

I know that not all USB IO hw supports it, but when it does, it should be done.

Best regards,
Marius
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
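An added example, not part of the original message or of any Fedora tooling: a small audit that reads `idVendor`, `idProduct` and `serial` from a sysfs-style tree and reports devices sharing the same identity, which is the situation described above where an allowlist entry cannot tell two drives apart. The sample tree, its IDs and the helper names are constructed for illustration; on a real system the default root is `/sys/bus/usb/devices`.

```python
import os
import tempfile
from collections import defaultdict

def read_attr(dev_dir, name):
    """Return a sysfs attribute as a stripped string, or None if absent."""
    try:
        with open(os.path.join(dev_dir, name)) as f:
            return f.read().strip()
    except OSError:
        return None

def list_usb_devices(root="/sys/bus/usb/devices"):
    """Yield (sysfs_name, (vid, pid, serial)) for each USB device under root."""
    for name in sorted(os.listdir(root)):
        dev_dir = os.path.join(root, name)
        vid = read_attr(dev_dir, "idVendor")
        pid = read_attr(dev_dir, "idProduct")
        if vid is None or pid is None:
            continue  # interface entries such as "1-1:1.0" carry no device IDs
        yield name, (vid.lower(), pid.lower(), read_attr(dev_dir, "serial"))

def find_identity_collisions(devices):
    """Group devices by (vid, pid, serial); return groups with more than one member."""
    groups = defaultdict(list)
    for name, ident in devices:
        groups[ident].append(name)
    return {ident: names for ident, names in groups.items() if len(names) > 1}

def build_sample_tree(root):
    """Constructed sample data: two drives with cloned IDs, one distinct, one interface."""
    sample = {
        "1-1": ("abcd", "1234", "0000000000000001"),
        "1-2": ("abcd", "1234", "0000000000000001"),  # same identity as 1-1
        "2-1": ("abcd", "1234", "0000000000000002"),
        "1-1:1.0": None,
    }
    for name, ident in sample.items():
        os.makedirs(os.path.join(root, name))
        if ident:
            for attr, value in zip(("idVendor", "idProduct", "serial"), ident):
                with open(os.path.join(root, name, attr), "w") as f:
                    f.write(value + "\n")

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return find_identity_collisions(list_usb_devices(root))

if __name__ == "__main__":
    print(demo())
```

Any identity this reports is one that a VID/PID/serial allowlist rule cannot bind to a single physical device.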