From: Pavel Machek <pavel@ucw.cz>
To: Salvatore Mesoraca <s.mesoraca16@gmail.com>
Cc: linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
kernel-hardening@lists.openwall.com,
Brad Spengler <spender@grsecurity.net>,
PaX Team <pageexec@freemail.hu>,
Casey Schaufler <casey@schaufler-ca.com>,
Kees Cook <keescook@chromium.org>,
James Morris <james.l.morris@oracle.com>,
"Serge E. Hallyn" <serge@hallyn.com>
Subject: Re: [PATCH 04/11] S.A.R.A. USB Filtering
Date: Tue, 20 Jun 2017 09:07:21 +0200 [thread overview]
Message-ID: <20170620070721.GA30728@amd> (raw)
In-Reply-To: <1497286620-15027-5-git-send-email-s.mesoraca16@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1370 bytes --]
On Mon 2017-06-12 18:56:53, Salvatore Mesoraca wrote:
> Introduction of S.A.R.A. USB Filtering.
> It uses the "usb_device_auth" LSM hook to provide a mechanism to decide
> which USB devices should be authorized to connect to the system and
> which shouldn't.
> The main goal is to narrow the attack surface for custom USB devices
> designed to exploit vulnerabilities found in some USB device drivers.
> Via configuration it's possible to allow or to deny authorization, based
> on one or more of: Vendor ID, Product ID, bus name and port number. There
> is also support for "trailing wildcards".
Hmm. Given that USB device provides vendor id/product id, this does
not really stop anyone, right?
AFAICT you can still get USB stick with vid/pid of logitech keyboard,
and kernel will recognize it as a usb stick.
So you should not really filter on vid/pid, but on device
types (sha sum of USB descriptor?).
> Depending on the configuration, it can work both as a white list or as a
> black list.
Blacklisting vid/pid is completely useless. Whitelisting vid/pid is
nearly so. Attacker able to plug USB devices sees devices already
attached, so he can guess right vid/pids quite easily.
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
WARNING: multiple messages have this Message-ID (diff)
From: Pavel Machek <pavel@ucw.cz>
To: Salvatore Mesoraca <s.mesoraca16@gmail.com>
Cc: linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
kernel-hardening@lists.openwall.com,
Brad Spengler <spender@grsecurity.net>,
PaX Team <pageexec@freemail.hu>,
Casey Schaufler <casey@schaufler-ca.com>,
Kees Cook <keescook@chromium.org>,
James Morris <james.l.morris@oracle.com>,
"Serge E. Hallyn" <serge@hallyn.com>
Subject: [kernel-hardening] Re: [PATCH 04/11] S.A.R.A. USB Filtering
Date: Tue, 20 Jun 2017 09:07:21 +0200 [thread overview]
Message-ID: <20170620070721.GA30728@amd> (raw)
In-Reply-To: <1497286620-15027-5-git-send-email-s.mesoraca16@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1370 bytes --]
On Mon 2017-06-12 18:56:53, Salvatore Mesoraca wrote:
> Introduction of S.A.R.A. USB Filtering.
> It uses the "usb_device_auth" LSM hook to provide a mechanism to decide
> which USB devices should be authorized to connect to the system and
> which shouldn't.
> The main goal is to narrow the attack surface for custom USB devices
> designed to exploit vulnerabilities found in some USB device drivers.
> Via configuration it's possible to allow or to deny authorization, based
> on one or more of: Vendor ID, Product ID, bus name and port number. There
> is also support for "trailing wildcards".
Hmm. Given that USB device provides vendor id/product id, this does
not really stop anyone, right?
AFAICT you can still get USB stick with vid/pid of logitech keyboard,
and kernel will recognize it as a usb stick.
So you should not really filter on vid/pid, but on device
types (sha sum of USB descriptor?).
> Depending on the configuration, it can work both as a white list or as a
> black list.
Blacklisting vid/pid is completely useless. Whitelisting vid/pid is
nearly so. Attacker able to plug USB devices sees devices already
attached, so he can guess right vid/pids quite easily.
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
next prev parent reply other threads:[~2017-06-20 7:07 UTC|newest]
Thread overview: 124+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-12 16:56 [PATCH 00/11] S.A.R.A. a new stacked LSM Salvatore Mesoraca
2017-06-12 16:56 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-12 16:56 ` Salvatore Mesoraca
2017-06-12 16:56 ` [PATCH 01/11] S.A.R.A. Documentation Salvatore Mesoraca
2017-06-12 16:56 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-12 16:56 ` Salvatore Mesoraca
2017-06-12 17:49 ` [kernel-hardening] " Jann Horn
2017-06-12 17:49 ` Jann Horn
2017-06-13 7:43 ` Salvatore Mesoraca
2017-06-13 7:43 ` Salvatore Mesoraca
2017-06-27 22:51 ` Kees Cook
2017-06-27 22:51 ` [kernel-hardening] " Kees Cook
2017-06-27 22:51 ` Kees Cook
2017-06-27 22:54 ` Kees Cook
2017-06-27 22:54 ` [kernel-hardening] " Kees Cook
2017-06-27 22:54 ` Kees Cook
2017-07-04 10:12 ` Salvatore Mesoraca
2017-07-04 10:12 ` [kernel-hardening] " Salvatore Mesoraca
2017-07-04 10:12 ` Salvatore Mesoraca
2017-06-12 16:56 ` [PATCH 02/11] S.A.R.A. framework creation Salvatore Mesoraca
2017-06-12 16:56 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-12 16:56 ` Salvatore Mesoraca
2017-06-12 16:56 ` [PATCH 03/11] Creation of "usb_device_auth" LSM hook Salvatore Mesoraca
2017-06-12 16:56 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-12 16:56 ` Salvatore Mesoraca
2017-06-12 17:35 ` Krzysztof Opasiak
2017-06-12 17:35 ` [kernel-hardening] " Krzysztof Opasiak
2017-06-12 17:35 ` Krzysztof Opasiak
2017-06-13 7:47 ` Salvatore Mesoraca
2017-06-13 7:47 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-13 7:47 ` Salvatore Mesoraca
2017-06-12 19:38 ` Greg Kroah-Hartman
2017-06-12 19:38 ` [kernel-hardening] " Greg Kroah-Hartman
2017-06-12 19:38 ` Greg Kroah-Hartman
2017-06-13 7:50 ` Salvatore Mesoraca
2017-06-13 7:50 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-13 7:50 ` Salvatore Mesoraca
2017-06-12 21:31 ` Casey Schaufler
2017-06-12 21:31 ` [kernel-hardening] " Casey Schaufler
2017-06-12 21:31 ` Casey Schaufler
2017-06-13 7:51 ` Salvatore Mesoraca
2017-06-13 7:51 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-13 7:51 ` Salvatore Mesoraca
2017-06-13 1:15 ` kbuild test robot
2017-06-13 1:15 ` [kernel-hardening] " kbuild test robot
2017-06-13 1:15 ` kbuild test robot
2017-06-13 3:11 ` kbuild test robot
2017-06-13 3:11 ` [kernel-hardening] " kbuild test robot
2017-06-13 3:11 ` kbuild test robot
2017-06-12 16:56 ` [PATCH 04/11] S.A.R.A. USB Filtering Salvatore Mesoraca
2017-06-12 16:56 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-12 16:56 ` Salvatore Mesoraca
2017-06-20 7:07 ` Pavel Machek [this message]
2017-06-20 7:07 ` [kernel-hardening] " Pavel Machek
2017-06-20 7:53 ` Salvatore Mesoraca
2017-06-20 7:53 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-20 7:53 ` Salvatore Mesoraca
2017-06-12 16:56 ` [PATCH 05/11] Creation of "check_vmflags" LSM hook Salvatore Mesoraca
2017-06-12 16:56 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-12 16:56 ` Salvatore Mesoraca
2017-06-12 16:56 ` Salvatore Mesoraca
2017-06-12 21:31 ` Casey Schaufler
2017-06-12 21:31 ` [kernel-hardening] " Casey Schaufler
2017-06-12 21:31 ` Casey Schaufler
2017-06-12 21:31 ` Casey Schaufler
2017-06-13 7:55 ` Salvatore Mesoraca
2017-06-13 7:55 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-13 7:55 ` Salvatore Mesoraca
2017-06-13 7:55 ` Salvatore Mesoraca
2017-06-13 6:34 ` Christoph Hellwig
2017-06-13 6:34 ` [kernel-hardening] " Christoph Hellwig
2017-06-13 6:34 ` Christoph Hellwig
2017-06-13 6:34 ` Christoph Hellwig
2017-06-13 7:52 ` Salvatore Mesoraca
2017-06-13 7:52 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-13 7:52 ` Salvatore Mesoraca
2017-06-13 7:52 ` Salvatore Mesoraca
2017-06-12 16:56 ` [PATCH 06/11] S.A.R.A. cred blob management Salvatore Mesoraca
2017-06-12 16:56 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-12 16:56 ` Salvatore Mesoraca
2017-06-12 16:56 ` [PATCH 07/11] S.A.R.A. WX Protection Salvatore Mesoraca
2017-06-12 16:56 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-12 16:56 ` Salvatore Mesoraca
2017-06-12 16:56 ` [PATCH 08/11] Creation of "pagefault_handler_x86" LSM hook Salvatore Mesoraca
2017-06-12 16:56 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-12 16:56 ` Salvatore Mesoraca
2017-06-12 17:32 ` Thomas Gleixner
2017-06-12 17:32 ` [kernel-hardening] " Thomas Gleixner
2017-06-12 17:32 ` Thomas Gleixner
2017-06-13 7:41 ` Salvatore Mesoraca
2017-06-13 7:41 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-13 7:41 ` Salvatore Mesoraca
2017-06-12 16:56 ` [PATCH 09/11] Trampoline emulation Salvatore Mesoraca
2017-06-12 16:56 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-12 16:56 ` Salvatore Mesoraca
2017-06-13 0:02 ` kbuild test robot
2017-06-13 0:02 ` [kernel-hardening] " kbuild test robot
2017-06-13 0:02 ` kbuild test robot
2017-06-12 16:56 ` [PATCH 10/11] Allowing for stacking procattr support in S.A.R.A Salvatore Mesoraca
2017-06-12 16:56 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-12 16:56 ` Salvatore Mesoraca
2017-06-12 16:57 ` [PATCH 11/11] S.A.R.A. WX Protection procattr interface Salvatore Mesoraca
2017-06-12 16:57 ` [kernel-hardening] " Salvatore Mesoraca
2017-06-12 16:57 ` Salvatore Mesoraca
2017-07-09 19:35 ` [kernel-hardening] [PATCH 00/11] S.A.R.A. a new stacked LSM Mickaël Salaün
2017-07-10 7:59 ` Salvatore Mesoraca
2017-07-10 7:59 ` Salvatore Mesoraca
2017-07-10 23:40 ` Mickaël Salaün
2017-07-11 16:58 ` Salvatore Mesoraca
2017-07-11 16:58 ` Salvatore Mesoraca
2017-07-11 17:49 ` Matt Brown
2017-07-11 17:49 ` Matt Brown
2017-07-11 19:31 ` Mimi Zohar
2017-07-11 19:31 ` Mimi Zohar
2017-07-13 12:39 ` Matt Brown
2017-07-13 12:39 ` Matt Brown
2017-07-13 15:19 ` Mimi Zohar
2017-07-13 15:19 ` Mimi Zohar
2017-07-13 19:51 ` Serge E. Hallyn
2017-07-13 19:51 ` Serge E. Hallyn
2017-07-13 22:33 ` Matt Brown
2017-07-13 22:33 ` Matt Brown
2017-07-24 0:58 ` Casey Schaufler
2017-07-24 0:58 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170620070721.GA30728@amd \
--to=pavel@ucw.cz \
--cc=casey@schaufler-ca.com \
--cc=james.l.morris@oracle.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=pageexec@freemail.hu \
--cc=s.mesoraca16@gmail.com \
--cc=serge@hallyn.com \
--cc=spender@grsecurity.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.