Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

USB-C behavior & potential bypasses #579

Open
pdolinic opened this issue Dec 23, 2022 · 3 comments
Open

USB-C behavior & potential bypasses #579

pdolinic opened this issue Dec 23, 2022 · 3 comments

Comments

@pdolinic
Copy link

pdolinic commented Dec 23, 2022
edited

Even though USB-C connected devices show as blocked usbguard list-devices, they appear visible on the Linux file-system tree (thunar for example), (try it via a phone USB-C -> USB-C)

Some investigation might be worth there, and if one could exploit simply adding USB-C Dongles on top of USB-A/USB-B.

The first time I found this interesting, was when playing around with USB-C Yubikeys.
@hartwork
Copy link
Contributor

Hi @pdolinic, maybe its just me but I think a few pictures and/or shell output would help to better understand the blocked-and-not-blocked situation that you're describing. Could you demonstrate for a particular device what parts of the system show that's blocked in detail and what parts don't? E.g. I'm unsure if we're talking a mounted file system here or more existence of a /dev/foo block device and so on. More details would be great. Thank you!

@pdolinic
Copy link
Author

pdolinic commented Dec 24, 2022
edited

Hey @hartwork , thanks for replying

So I've tested
a) a mixed USB-C Headphone from Logitech & everything seems to be as expected (seeing it block in the terminal, and looking for it the sound output it is not appearing as well)
b) but on the test-phone (connected via USB-C cable -> USB-C laptop input), I can see it in the file manager appear, even before having given it any unblock via usbguard-add device xyz <-> I assume this is just cosmetic?

pixel1-blocked

State:

17: block id 18d1:4ee1 serial "strippedXYZ" name "Pixel 6 Pro" hash "strippedXYZ" parent-hash "strippedXYZ" via-port "3-4" with-interface 06:01:01 with-connect-type "hotplug"
  • Maybe this is just cosmetic, are there any paths /ways I could check?
  • Even when going on the phone on "USB Preferences -> File transfer" I cannot access the data, so USBGuard appears to be working
    • Also sharing internet does not appear to work via "USB tethering"
    • Not sure if this is worth to mention: The phone is getting charged via the bus?
  • Still the question remains, why it is showing up on devices?

Thanks

@commandline-be
Copy link

could it be you do see the device show up but you cannot browse the filesystem(s) ?
i think that's what I've seen before and should be 'normal behavior'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hartwork @commandline-be @pdolinic