https://bugzilla.redhat.com/show_bug.cgi?id=1554022 Bug ID: 1554022 Summary: Review Request: usbauth-notifier - Notifier for USB Firewall to use with desktop environments Product: Fedora Version: rawhide Component: Package Review Severity: medium Assignee: nobody@xxxxxxxxxxxxxxxxx Reporter: stefan.koch10@xxxxxxxxx QA Contact: extras-qa@xxxxxxxxxxxxxxxxx CC: package-review@xxxxxxxxxxxxxxxxxxxxxxx ### usbauth-notifier ### Spec URL: https://copr-be.cloud.fedoraproject.org/results/kochstefan/usbauth-all/fedora-27-x86_64/00726580-usbauth-notifier/usbauth-notifier.spec SRPM URL: https://copr-be.cloud.fedoraproject.org/results/kochstefan/usbauth-all/fedora-27-x86_64/00726580-usbauth-notifier/usbauth-notifier-1.0-1.fc27.src.rpm Description: A notifier for the usbauth firewall against BadUSB attacks. The user could manually allow or deny USB devices. Every user that wants use the notifier must be added to the usbauth group. ####################### Hi I want to add the packages libusbauth-configparser, usbauth, usbauth-notifier to Fedora. I need a review and a sponsor for packaging these packages. The usbauth packages already part of openSUSE Tumbleweed, Debian Sid and Ubuntu 18.04 (pre). This work was initially created for SUSE in 2015. Part of it was the USB interface authorization for the Linux kernel. It's contained in Linux since kernel version 4.4. There are the following packages libusbauth-configparser, usbauth, usbauth-notifier. GIT Repository: https://github.com/kochstefan/usbauth-all.git NOTICE aboud usbguard and usbauth: The usbguard project provides an USB firewall, too. It is already packaged within debian. The usbguard development was supported by RedHat and usbauth was supported by SUSE. Historical, usbguard was published while the working on usbauth has already been started. The main difference is that usbguard works with USB devices and usbauth works with USB interfaces. usbauth could allow/deny usb interfaces using the new usb interface authorization mechanism that is part of linux 4.4 and above. See also: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/log/?h=v4.4.94&qt=grep&q=interface+auth Examples: * allow a storage functionality of a USB device and deny USB Ethernet of the same device * allow audio/video functionality of an USB TV card and deny using the remote control functionality * allow USB printing/scanning and deny USB storage usage of a multifunction printer (BTW: the interface mechanism supports denying user space triggered actions (using USB claiming) like scanning) usbguard could allow/deny USB devices using the usb device authorization mechanism of the Linux kernel. It allows to denying a whole device if one interface of it is considered as bad (usbauth supports this, too) usbguard allows creating actions that is not supported by usbauth. If you can understand German language you could read a detailed description: https://epub.uni-bayreuth.de/3048/1/koch2017sicherheitsaspekte.pdf Thank you Stefan Koch -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx
