Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Input proxy doesn't handle hybrid keyboard+mouse devices #1618

Closed
marmarek opened this issue Jan 13, 2016 · 20 comments
Closed

Input proxy doesn't handle hybrid keyboard+mouse devices #1618

marmarek opened this issue Jan 13, 2016 · 20 comments
Assignees
@marmarek
Labels
C: other P: major Priority: major. Between "default" and "critical" in severity. r3.1-dom0-stable r3.1-fc21-stable r3.1-fc22-stable r3.1-fc23-stable T: bug Type: bug report. A problem or defect resulting in unintended behavior in something that exists.
Milestone
Release 3.1

Comments

@marmarek
Copy link
Member

In current settings, such devices would trigger two services: qubes.InputMouse and qubes.InputKeyboard, attached to the same device. Only the first one will succeed, the other one would not receive any events. Apparently in most cases mouse wins.

More info:
https://groups.google.com/d/msgid/qubes-users/56928E93.6030305%40noses.com
@marmarek marmarek added T: bug Type: bug report. A problem or defect resulting in unintended behavior in something that exists. C: other P: major Priority: major. Between "default" and "critical" in severity. labels Jan 13, 2016
@marmarek marmarek added this to the Release 3.1 milestone Jan 13, 2016
@marmarek
Copy link
Member Author

Surely qubes.InputMouse shouldn't be attached to such device (because it's meant to mouse-only devices). The question is what should be? I see a few options:

  • create another service qubes.InputKeyboardAndMouse, which would handle such devices
  • extend existing qubes.InputKeyboard to also allow mouse events (perhaps then rename it to qubes.inputKeyboardAndMouse...

@rootkovska any opinion?

@marmarek
Copy link
Member Author

A note about renaming service - it would break existing setups when only dom0 or only template got updated. This may mean cutting someone from keyboard access...
So preferably I'd either introduce new service for that and leave the old one too, or extend existing one, without renaming it.

@rootkovska
Copy link
Member

Yeah, we don't want to break existing services (especially they I use them on some of my machines already :P)

@marmarek
Copy link
Member Author

I would go with extending existing service - qubes.InputKeyboard would allow both keyboard and mouse events. Any security drawbacks with that?

@rootkovska
Copy link
Member

Well qubes.InputKeyboard is already a serious security hole (and it's good it has "deny" policy by default), and I don't think adding mouse events to it might change much here.

@rootkovska
Copy link
Member

... of course qubes.InputKeyboard is still much better than having USB controller in Dom0, which has been the only way so far to support keyboard on some systems. There is a limit to what we can do in software...

@marmarek
Copy link
Member Author

@rootkovska do you have some wireless mouse? If so, could you check udevadm info -q all -n input/eventX (with appropriate event device) for ID_INPUT_* vars? To be sure that mouse is really visible as a mouse, not mouse+keyboard. Otherwise this change would break such setup...

@marmarek
Copy link
Member Author

I've checked that in the meantime - Logitech Unifying Receiver is discovered as keyboard+mouse device, even when it's paired only with a mouse. So directing this to qubes.InputKeyboard unconditionally would make it impossible to use mouse-only device (with keyboard access blocked)...
As this decision (whether to allow USB keyboard or not) needs to be made, I think it may simply affect all the input devices connected to the USB VM. Not sure about the details yet, maybe simply qubes.Input service with a configuration what kind of events should be allowed?

@marmarek marmarek self-assigned this Feb 5, 2016
marmarek added a commit to marmarek/qubes-app-linux-input-proxy that referenced this issue Feb 5, 2016
@marmarek
sender: do not treat device disconnection as an error
b8fbc02 
This way possible fallback service wouldn't be triggered for already
disconnected device

QubesOS/qubes-issues#1618
marmarek added a commit to marmarek/qubes-app-linux-input-proxy that referenced this issue Feb 5, 2016
@marmarek
sender: do not treat device disconnection as an error
19c0747 
This way possible fallback service wouldn't be triggered for already
disconnected device

QubesOS/qubes-issues#1618
marmarek added a commit to marmarek/qubes-app-linux-input-proxy that referenced this issue Feb 5, 2016
@marmarek
sender: do not treat device disconnection as an error
87e7651 
This way possible fallback service wouldn't be triggered for already
disconnected device

QubesOS/qubes-issues#1618
@ag4ve
Copy link

ag4ve commented Feb 6, 2016

On Jan 16, 2016 7:37 PM, "Marek Marczykowski-Górecki" <
notifications@github.com> wrote:

I've checked that in the meantime - Logitech Unifying Receiver is
discovered as keyboard+mouse device, even when it's paired only with a
mouse. So directing this to qubes.InputKeyboard unconditionally would make
it impossible to use mouse-only device (with keyboard access blocked)...
As this decision (whether to allow USB keyboard or not) needs to be made,
I think it may simply affect all the input devices connected to the USB VM.
Not sure about the details yet, maybe simply qubes.Input service with a
configuration what kind of events should be allowed?

Maybe I'm misreading this but it might be best to just make the proxy's
kb/mouse device as a user decision. With or without this proxy VM, it's
probably the right thing to do to ask if a user wants to limit kb/mouse and
provide a pretty UI to do so. OTOH, I think trying to automate this either
leads to a system that's too open or too closed (as seems to be the case
with the Logitech test).

Ie, I have no use for you reducing security to support any wireless
kb/mouse (I don't have any and kinda disagree with their use). But maybe
I'd want the proxy to 'bring up' whatever interface my Ducky kb shows for
reprogramming (I don't really care about this but...). Further, IIRC I've
got 4x kb types and 3x mouse types here, so if I wanted support for any
hardware I'm likely to use here, I'd need to configure 7x devices. All
(except the Ducky) only provide one simple HID and that's what I'd expect
to allow.

@marmarek
Copy link
Member Author

marmarek commented Feb 6, 2016

The final solution is to try both in case of hybrid device. In short:

  • mouse only device - connect to qubes.InputMouse
  • keyboard only device - connect to qubes.InputKeyboard
  • keyboard+mouse device - connect to qubes.InputKeyboard, then if fails, connect to qubes.InputMouse

qubes.InputKeyboard allows both keyboard and mouse events.

This way, it's up to the user to either allow or deny keyboard devices connected to USB VM. And in case of deny (the default), mouse events will be still allowed from hybrid devices.

There is no GUI for setting qrexec policy yet, but that's just a single line in configuration.

@marmarek
Copy link
Member Author

Automated announcement from builder-github

The package qubes-input-proxy-1.0.3-1.fc21 has been pushed to the r3.1 testing repository for the Fedora fc21 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.1-current-testing

Changes included in this update

@marmarek
Copy link
Member Author

Automated announcement from builder-github

The package qubes-input-proxy-1.0.3-1.fc22 has been pushed to the r3.1 testing repository for the Fedora fc22 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.1-current-testing

Changes included in this update

@marmarek
Copy link
Member Author

Automated announcement from builder-github

The package qubes-input-proxy-1.0.3-1.fc23 has been pushed to the r3.1 testing repository for the Fedora fc23 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r3.1-current-testing

Changes included in this update

@marmarek
Copy link
Member Author

Automated announcement from builder-github

The package qubes-input-proxy-1.0.3-1.fc20 has been pushed to the r3.1 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update

@marmarek
Copy link
Member Author

Automated announcement from builder-github

The package qubes-input-proxy-1.0.3-1.fc21 has been pushed to the r3.1 stable repository for the Fedora fc21 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

@marmarek
Copy link
Member Author

Automated announcement from builder-github

The package qubes-input-proxy-1.0.3-1.fc22 has been pushed to the r3.1 stable repository for the Fedora fc22 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

@marmarek
Copy link
Member Author

Automated announcement from builder-github

The package qubes-input-proxy-1.0.3-1.fc23 has been pushed to the r3.1 stable repository for the Fedora fc23 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

@marmarek
Copy link
Member Author

Automated announcement from builder-github

The package qubes-input-proxy-1.0.3-1.fc20 has been pushed to the r3.1 stable repository for dom0.
To install this update, please use the standard update command:

sudo qubes-dom0-update

Or update dom0 via Qubes Manager.

Changes included in this update

marmarek added a commit to marmarek/qubes-app-linux-input-proxy that referenced this issue Jul 17, 2016
@marmarek
tests: fix test for mouse+keyboard devices
9e4acc2 
On fc23-based dom0 a single mouse+keyboard device is listed as two
devices (one in "pointer" section, other as "keyboard"). This confuses
'xinput list', so add explicit request for device type.

QubesOS/qubes-issues#1618
@Alexfinkelshtein
Copy link

The final solution is to try both in case of hybrid device. In short:

  • mouse only device - connect to qubes.InputMouse
  • keyboard only device - connect to qubes.InputKeyboard
  • keyboard+mouse device - connect to qubes.InputKeyboard, then if fails, connect to qubes.InputMouse

qubes.InputKeyboard allows both keyboard and mouse events.

This way, it's up to the user to either allow or deny keyboard devices connected to USB VM. And in case of deny (the default), mouse events will be still allowed from hybrid devices.

There is no GUI for setting qrexec policy yet, but that's just a single line in configuration.

Hi, I am new with QubeOs, I didn't fully understand how to apply this solution.
what would be the single line to make it work?

@unman
Copy link
Member

unman commented Jun 4, 2020 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@marmarek marmarek

Labels
C: other P: major Priority: major. Between "default" and "critical" in severity. r3.1-dom0-stable r3.1-fc21-stable r3.1-fc22-stable r3.1-fc23-stable T: bug Type: bug report. A problem or defect resulting in unintended behavior in something that exists.
Projects
None yet
Milestone
Release 3.1
Development

No branches or pull requests
5 participants
@marmarek @ag4ve @rootkovska @unman @Alexfinkelshtein