Add AUDIO_EFFECTS to distinguish from others #10744
Conversation
|
wasn't there physical effects? |
|
Looks good to me. I think a separate constant for AUDIO is beneficial, but do we need/want this distinction between software/hardware audio? This line gets blurry, as some systems will emit a beep from the internal speaker if no audio device is configured. # Module may cause software to output audio from the speakers (Example: the app plays music)
AUDIO_EFFECTS = 'audio-effects'
# Module may produce physical effects in hardware (Examples: LED or LCD changes or hardware beeps)
PHYSICAL_EFFECTS = 'physical-effects' |
|
I made the distinction because I assumed we wanted to be clear and break down the constants, since we've been going that route. Hardware vs. software was one such distinction. I have a proposed compromise that I think works better. |
|
Out of curiosity is there any modules which currently have an audible effect? |
|
Probably. https://holeybeep.ninja/ comes to mind as a vuln. That's a hardware beep, but it's all hardware in the end, usually with some software component. The line is indeed blurry. |
|
I updated the constant descriptions (though they're only comments right now), and I think I am happy with them now. |
|
@h00die The lastore_daemon_dbus_priv_esc.rb module installs a system package, resulting in an audible sound. As per the documentation: |
| @@ -82,7 +82,9 @@ module Msf | |||
| ACCOUNT_LOCKOUTS = 'account-lockouts' | |||
| # Module may show something on the screen (Example: a window pops up) | |||
| SCREEN_EFFECTS = 'screen-effects' | |||
There was a problem hiding this comment.
Screen being pop up boxes, relics displayed in a browser
Physical being cdrom ejection, scada valve movement
Visual being changing an external LED number display
That's how I'd think, but visual vs screen took a little bit of thinking about
There was a problem hiding this comment.
So are we adding another constant?
There was a problem hiding this comment.
So for me that means:
SCREEN_EFFECTS: Something the user can see on the screen that allows them to realize the machine is being exploited.
PHYSICAL_EFFECTS: It involves a moving object.
AUDIO_EFFECTS: A noise or sound that allows the user to realize the machine is being exploited.
VISUAL_EFFECT: Kind of sounds like a sub-category of screen_effects. A little hard to draw the line for me.
There was a problem hiding this comment.
I'd also add that physical could be a temperature as well. Like a Crock-Pot :)
There was a problem hiding this comment.
I like sinn3r's summary of constants. I think these are solid (note: small edits):
# Module may show something on the screen (Example: a window pops up)
SCREEN_EFFECTS = 'screen-effects'
# Module may cause a noise (Example: output audio from the speakers or hardware beep)
AUDIO_EFFECTS = 'audio-effects'
# Module may produce physical effects (Example: the device moves)
PHYSICAL_EFFECTS = 'physical-effects'The question remains whether an external LED or LCD falls within SCREEN_EFFECTS or a new VISUAL_EFFECTS category.
There was a problem hiding this comment.
Yeah, hardware beeps should go in AUDIO_EFFECTS. We're trying to be specific and at the same time not confusing, heh.
I think I'll change "the device moves" to "the device makes movement," since the implication is that there is movement, not necessarily locomotion.
There was a problem hiding this comment.
@h00die: I removed that because it potentially puts us in hot water. No pun intended.
There was a problem hiding this comment.
We've decided to leave VISUAL_EFFECTS out for now. It's a bit too nuanced to be useful right now, IMHO. I think we are in alignment with the current designations.
|
Nice. Ok this looks good. It looks like this PR has everyone's blessing, so I will go ahead and land this. I'll also remember to document what everyone says here so we're all happy with the definitions. Thank you everyone! |
Release NotesThis adds the |
|
Thank you, lovely pedants, myself included. :-) |
Updates #10707.