Hi Johan,

> The check for HIGH security level dates back to pre-mgmt times when a
> raw L2CAP socket with HIGH security level was used to trigger dedicated
> bonding. For legacy pairing checking for the security level was the only
> way to catch the need to authenticate in all scenarios. With mgmt
> however, the pair_device command does not use HIGH security but MEDIUM
> security. Therefore, the existing code would never trigger
> authentication for a non-SSP connection without an MITM requirement
> (e.g. if user space provided a NoInputNoOutput IO capability). In such a
> scenario the mgmt_pair_device command would return success without
> actually triggering any kind of pairing.
>
> This patch updates the authentication requirement check to also consider
> MEDIUM security level, and thereby ensures that mgmt_pair_device will
> always trigger authentication.
>
> Signed-off-by: Johan Hedberg <johan.hedberg@xxxxxxxxx>
> ---
> This one should probably get a Cc: stable flag. It's also a
> pre-requisite for the first mgmt-tester pairing test case that was
> recently added to user space git.
>
>  net/bluetooth/hci_event.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)

patch has been applied to bluetooth-next tree. I want to give this some time to get tested via bluetooth-next before we mark this as to be backported to stable.

Regards

Marcel