| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Feb 2024 14:46:39 +0200 From: Niko Mauno <niko.mauno@...sala.com> To: Greg KH <gregkh@...uxfoundation.org> Cc: linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org, vesa.jaaskelainen@...sala.com, geert@...ux-m68k.org Subject: Re: [PATCH] usb: core: Kconfig: Improve USB authorization mode help On 10.2.2024 12.27, Greg KH wrote: > On Fri, Feb 09, 2024 at 04:29:51PM +0200, niko.mauno@...sala.com wrote: >> From: Niko Mauno <niko.mauno@...sala.com> >> >> Update the default USB device authorization mode help text so that the >> meaning of the option and it's available values are described more >> accurately. >> >> Signed-off-by: Niko Mauno <niko.mauno@...sala.com> >> --- > > Shouldn't there be a "Reported-by:" line here to give proper credit for > the developer who asked for this? > > > >> drivers/usb/core/Kconfig | 19 +++++++++++++++---- >> 1 file changed, 15 insertions(+), 4 deletions(-) >> >> diff --git a/drivers/usb/core/Kconfig b/drivers/usb/core/Kconfig >> index f337aaea7604..4665df550d36 100644 >> --- a/drivers/usb/core/Kconfig >> +++ b/drivers/usb/core/Kconfig >> @@ -126,10 +126,21 @@ config USB_DEFAULT_AUTHORIZATION_MODE >> Select the default USB device authorization mode. Can be overridden >> with usbcore.authorized_default command line or module parameter. >> >> - The available values have the following meanings: >> - 0 is unauthorized for all devices >> - 1 is authorized for all devices (default) >> - 2 is authorized for internal devices >> + This option allows you to choose whether USB devices that are >> + connected to the system can be used by default, or if they are >> + locked down. >> + >> + With value 0 all connected USB devices with the exception of root >> + hub require user space authorization before they can be used. >> + >> + With value 1 (default) no user space authorization is required to >> + use connected USB devices. >> + >> + With value 2 all connected USB devices with exception of internal >> + USB devices require user space authorization before they can be >> + used. Note that in this mode the differentiation between internal >> + and external USB devices relies on ACPI, and on systems without >> + ACPI selecting value 2 is analogous to selecting value 0. >> >> If the default value is too permissive but you are unsure which mode >> to use, say 2. > > In looking this over, this last sentance really isn't a good suggestion, > as it will turn people's machine into one that by default, doesn't > accept external USB devices, which is probably NOT what they want at > all, and is NOT how Linux has worked for the past 20+ years. > > So maybe a bit better clarification as what the normal default should be > here? > > thanks, > > greg k-h Thank you for the pointers, submitted v2 to address aforementioned issues. -Niko
Powered by blists - more mailing lists