lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <263d486c-655b-4179-841b-de3ad04de38d@vaisala.com>
Date: Tue, 13 Feb 2024 14:46:39 +0200
From: Niko Mauno <niko.mauno@...sala.com>
To: Greg KH <gregkh@...uxfoundation.org>
Cc: linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org,
 vesa.jaaskelainen@...sala.com, geert@...ux-m68k.org
Subject: Re: [PATCH] usb: core: Kconfig: Improve USB authorization mode help

On 10.2.2024 12.27, Greg KH wrote:
> On Fri, Feb 09, 2024 at 04:29:51PM +0200, niko.mauno@...sala.com wrote:
>> From: Niko Mauno <niko.mauno@...sala.com>
>>
>> Update the default USB device authorization mode help text so that the
>> meaning of the option and it's available values are described more
>> accurately.
>>
>> Signed-off-by: Niko Mauno <niko.mauno@...sala.com>
>> ---
> 
> Shouldn't there be a "Reported-by:" line here to give proper credit for
> the developer who asked for this?
> 
> 
> 
>>   drivers/usb/core/Kconfig | 19 +++++++++++++++----
>>   1 file changed, 15 insertions(+), 4 deletions(-)
>>
>> diff --git a/drivers/usb/core/Kconfig b/drivers/usb/core/Kconfig
>> index f337aaea7604..4665df550d36 100644
>> --- a/drivers/usb/core/Kconfig
>> +++ b/drivers/usb/core/Kconfig
>> @@ -126,10 +126,21 @@ config USB_DEFAULT_AUTHORIZATION_MODE
>>   	  Select the default USB device authorization mode. Can be overridden
>>   	  with usbcore.authorized_default command line or module parameter.
>>   
>> -	  The available values have the following meanings:
>> -		0 is unauthorized for all devices
>> -		1 is authorized for all devices (default)
>> -		2 is authorized for internal devices
>> +	  This option allows you to choose whether USB devices that are
>> +	  connected to the system can be used by default, or if they are
>> +	  locked down.
>> +
>> +	  With value 0 all connected USB devices with the exception of root
>> +	  hub require user space authorization before they can be used.
>> +
>> +	  With value 1 (default) no user space authorization is required to
>> +	  use connected USB devices.
>> +
>> +	  With value 2 all connected USB devices with exception of internal
>> +	  USB devices require user space authorization before they can be
>> +	  used. Note that in this mode the differentiation between internal
>> +	  and external USB devices relies on ACPI, and on systems without
>> +	  ACPI selecting value 2 is analogous to selecting value 0.
>>   
>>   	  If the default value is too permissive but you are unsure which mode
>>   	  to use, say 2.
> 
> In looking this over, this last sentance really isn't a good suggestion,
> as it will turn people's machine into one that by default, doesn't
> accept external USB devices, which is probably NOT what they want at
> all, and is NOT how Linux has worked for the past 20+ years.
> 
> So maybe a bit better clarification as what the normal default should be
> here?
> 
> thanks,
> 
> greg k-h

Thank you for the pointers, submitted v2 to address aforementioned issues.
-Niko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ