lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2024021043-nursing-unbridle-cea4@gregkh>
Date: Sat, 10 Feb 2024 10:27:58 +0000
From: Greg KH <gregkh@...uxfoundation.org>
To: niko.mauno@...sala.com
Cc: linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org,
	vesa.jaaskelainen@...sala.com, geert@...ux-m68k.org
Subject: Re: [PATCH] usb: core: Kconfig: Improve USB authorization mode help

On Fri, Feb 09, 2024 at 04:29:51PM +0200, niko.mauno@...sala.com wrote:
> From: Niko Mauno <niko.mauno@...sala.com>
> 
> Update the default USB device authorization mode help text so that the
> meaning of the option and it's available values are described more
> accurately.
> 
> Signed-off-by: Niko Mauno <niko.mauno@...sala.com>
> ---

Shouldn't there be a "Reported-by:" line here to give proper credit for
the developer who asked for this?



>  drivers/usb/core/Kconfig | 19 +++++++++++++++----
>  1 file changed, 15 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/usb/core/Kconfig b/drivers/usb/core/Kconfig
> index f337aaea7604..4665df550d36 100644
> --- a/drivers/usb/core/Kconfig
> +++ b/drivers/usb/core/Kconfig
> @@ -126,10 +126,21 @@ config USB_DEFAULT_AUTHORIZATION_MODE
>  	  Select the default USB device authorization mode. Can be overridden
>  	  with usbcore.authorized_default command line or module parameter.
>  
> -	  The available values have the following meanings:
> -		0 is unauthorized for all devices
> -		1 is authorized for all devices (default)
> -		2 is authorized for internal devices
> +	  This option allows you to choose whether USB devices that are
> +	  connected to the system can be used by default, or if they are
> +	  locked down.
> +
> +	  With value 0 all connected USB devices with the exception of root
> +	  hub require user space authorization before they can be used.
> +
> +	  With value 1 (default) no user space authorization is required to
> +	  use connected USB devices.
> +
> +	  With value 2 all connected USB devices with exception of internal
> +	  USB devices require user space authorization before they can be
> +	  used. Note that in this mode the differentiation between internal
> +	  and external USB devices relies on ACPI, and on systems without
> +	  ACPI selecting value 2 is analogous to selecting value 0.
>  
>  	  If the default value is too permissive but you are unsure which mode
>  	  to use, say 2.

In looking this over, this last sentance really isn't a good suggestion,
as it will turn people's machine into one that by default, doesn't
accept external USB devices, which is probably NOT what they want at
all, and is NOT how Linux has worked for the past 20+ years.

So maybe a bit better clarification as what the normal default should be
here?

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ