/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enhancement request: disable new USB devices while locked #3860

Open
Rudd-O opened this Issue Apr 26, 2018 · 2 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
  Far in the future
2 participants
@Rudd-O @andrewdavidwong
@Rudd-O

Rudd-O commented Apr 26, 2018

Quick spec

  • systemwide daemon (auto started on boot if enabled via systemd). job of daemon is to latch onto dbus logind interface, and maintain a boolean "is active session unlocked?". when boolean changes, apply USB configuration to runtime kernel as appropriate. this obviously must also be the case upon startup of daemon.

  • preference panel that allows the user to select whether to make systemwide daemon active or not, and if config file is not writable, uses consolekit to change its config (probably with permission to change config file defaulting to console user). daemon detects config change and reloads its config. simple state machine to cover all state transitions must be written in daemon.

Qubes integration:

a) qubes preference panel for GUI VM that 1. allows user to designate USB VM 2. allows user to enable / disable the functionality of the systemwide daemon. consolekit policy probably enough to default to qubes one.

b) in the case of running in GUI VM, and sys USB VM is present and configured, the systemwide daemon (server to the user session daemon) no longer does its job of altering runtime kernel config directly, but rather proxies its decisions via qrexec to a process in the USB VM via qrexec service qubes.AlterRuntimeUSBConfig. if qrexec operation fails with VM not connected, then operation should be queued and retried later, to allow for startup of VM.

Here's an idea I thought about when I was traveling last week. I'm posting it now to see if it gets any traction. We don't want USB devices to be activated when machines are locked.

@andrewdavidwong andrewdavidwong added enhancement C: core security labels Apr 27, 2018

@andrewdavidwong andrewdavidwong added this to the Far in the future milestone Apr 27, 2018

@andrewdavidwong

This comment has been minimized.

Show comment
Hide comment
@andrewdavidwong

andrewdavidwong Apr 27, 2018

Member

How is this different from #2811?
Member

andrewdavidwong commented Apr 27, 2018

How is this different from #2811?
@Rudd-O

This comment has been minimized.

Show comment
Hide comment
@Rudd-O

Rudd-O Apr 27, 2018

Rudd-O commented Apr 27, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment