Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enabling debug console by default poses a security risk #159

Open
ntietz opened this issue Oct 12, 2016 · 1 comment
Open

Enabling debug console by default poses a security risk #159

ntietz opened this issue Oct 12, 2016 · 1 comment
Assignees
@haata @smasher816
Labels
enhancement
Milestone
v0.6.x

Comments

@ntietz
Copy link
Contributor

ntietz commented Oct 12, 2016

Currently, the debug console is enabled by default. On OS X, this means that any user of the system (which is, by definition, a multi-user system) is able to read any key that is pressed on the keyboard.

This is enabled by default for both custom-built firmware and for firmware downloaded from the configurator tool. This is a dangerous default, and not behavior that users would expect.

I suggest disabling this by default, and allowing users to enable it if they need that functionality (as most users will likely not). I will be submitting a pull request with this fix shortly.
@ntietz ntietz mentioned this issue Oct 12, 2016
Closed
@rossy rossy mentioned this issue May 21, 2017
Open
@haata
Copy link
Member

haata commented Oct 3, 2017

I'm still tracking this. The more I've thought about this...the more I agree with it.
Still not quite ready yet, but I will once HID-IO is ready.

@manno manno mentioned this issue Feb 5, 2018
Open
@haata haata added this to the v0.6.x milestone Feb 18, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@haata haata

@smasher816 smasher816

Labels
enhancement
Projects
None yet
Milestone
v0.6.x
Development

No branches or pull requests
3 participants
@haata @ntietz @smasher816