/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

No confirmation dialog when attaching USB mouse #3481

Closed
mossy-nw opened this Issue Jan 19, 2018 · 4 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
No milestone
3 participants
@mossy-nw @marmarek @andrewdavidwong
@mossy-nw

mossy-nw commented Jan 19, 2018

Qubes OS version:

R4.0

Affected TemplateVMs:

Steps to reproduce the behavior:

Attach USB mouse to system running sys-usb qube

Expected behavior:

Dialog pops up requiring confirmation before mouse input is passed through sys-usb to dom0

Actual behavior:

Mouse input it passed through with just a popup notification (no dialog/user action required).

General notes:

Seems like even if intentional this could be a security risk? I always feel nervous giving anything access to dom0, it makes me feel slightly better to give explicit consent (as under R3.2).

Related issues:

perhaps removing friction from the default target input issue #3251 removed too much friction? : )
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Jan 19, 2018

Member

This is intended effect, only mouse is allowed by default (but keyboard is not). See https://www.qubes-os.org/doc/usb/#security-warning-about-usb-input-devices for details

If you want to get confirmation, edit /etc/qubes-rpc/policy/qubes.InputMouse and change allow to ask,default_target=dom0.
Member

marmarek commented Jan 19, 2018

This is intended effect, only mouse is allowed by default (but keyboard is not). See https://www.qubes-os.org/doc/usb/#security-warning-about-usb-input-devices for details

If you want to get confirmation, edit /etc/qubes-rpc/policy/qubes.InputMouse and change allow to ask,default_target=dom0.
@mossy-nw

This comment has been minimized.

Show comment
Hide comment
@mossy-nw

mossy-nw Jan 19, 2018

From qrexec policy documentation I think this is the result of default setting /etc/qubes-rpc/policy/qubes.InputMouse to

sys-usb dom0 allow,user=root

mossy-nw commented Jan 19, 2018

From qrexec policy documentation I think this is the result of default setting /etc/qubes-rpc/policy/qubes.InputMouse to

sys-usb dom0 allow,user=root
@mossy-nw

This comment has been minimized.

Show comment
Hide comment
@mossy-nw

mossy-nw Jan 19, 2018

ah. you beat me to it. perfect, thanks @marmarek
I'll read through to see if the docs need updating, update if need be then close the issue.

mossy-nw commented Jan 19, 2018
edited
Edited 1 time
  • @mossy-nw mossy-nw edited Jan 19, 2018 (most recent)

ah. you beat me to it. perfect, thanks @marmarek
I'll read through to see if the docs need updating, update if need be then close the issue.
@mossy-nw

@mossy-nw mossy-nw closed this Jan 19, 2018

@andrewdavidwong andrewdavidwong added the resolved label Jan 20, 2018

@shunju shunju referenced this issue Mar 19, 2018

Open

Inconsistent handling of USB input devices (mouse and keyboard) #3722

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment