Feature #8989
Prompt before activating non-storage USB devices plugged after login
0%
Description
In advance, I’ll admit I’m new to this area (udev rules), so keep in mind that this might not be sensible.
Ref: http://askubuntu.com/questions/531445/only-use-mass-storage-devices-on-a-selected-usb-port-how
The thought was that Tails could implement something like described above, in order to mitigate compromised badUSB devices. The thought was that most devices connected after boot with be storage, and anything else (particularly input devices) would require user intervention via prompt.
As I’m thinking, right after boot, a script could prevent any further usb devices from connecting if the driver is not usb-storage. Some privileged daemon would monitor for new devices, and prompt the user on recognition, which would write a new permissive udev rule to allow that device (perhaps restricted by device class).
Subtasks
Related issues
| Is duplicate of Tails - Feature #9569: Research available protections against rogue USB devices | Confirmed | 2015-06-13 |
History
#1 Updated by BitingBird 2015-03-01 23:13:20
Right now, external devices plugged are not automatically mounted, you have to click on them in nautilus to mount them (well, that’s how it should be anyway, but we have Bug #8720). Nothing happens if the user doesn’t choose to, so I think an additional warning would be too much.
#2 Updated by patcon 2015-03-02 03:55:51
Ah ok, I didn’t actually have a USB input device to check, but if I’m understanding you correctly, then I guess we can close this. Thanks!
#3 Updated by intrigeri 2015-03-02 11:06:51
> Ah ok, I didn’t actually have a USB input device to check, but if I’m understanding you correctly, then I guess we can close this. Thanks!
The issue that was raised initially is about USB devices that are not handled by the usb_storage driver, so “not mounting filesystems” doesn’t address it at all.
Indeed, I think that having some kind of “USB firewall”, like was suggested, makes sense… and will make even more sense once we have:
- a screen locker (
Feature #5684) — otherwise, an attacker with physical access to the unlocked session can probably escalate privileges in other ways - protection against other dangerous buses (Feature #5451)
Now:
- implementing this idea could probably be done in a project completely autonomously from Tails;
- we should first check the feasibility of this project, e.g. are udev rules enough to block the kernel from communicating with such devices at all before the user can manually unblock them?
- I’m not sure about what priority we should assign to this topic; should we turn it into a child ticket of Feature #5451, and thus make it a 3.0 goal? Or is it too involved, and perhaps we shouldn’t pack every possible hardening idea we have into a huge milestone that will take years to complete?
#4 Updated by intrigeri 2015-03-02 11:08:31
- Subject changed from Add measures to prompt before non-storage usb is permitted after boot to Prompt before activating non-storage USB devices plugged after login
- Category deleted (
Hardware support) - Status changed from New to Confirmed
#5 Updated by intrigeri 2015-07-01 02:59:18
- related to Feature #9569: Research available protections against rogue USB devices added
#6 Updated by intrigeri 2015-07-01 02:59:55
- related to deleted (
Feature #9569: Research available protections against rogue USB devices)
#7 Updated by intrigeri 2015-07-01 03:00:08
- is duplicate of Feature #9569: Research available protections against rogue USB devices added
#8 Updated by intrigeri 2015-07-01 03:00:33
- Status changed from Confirmed to Duplicate
Feature #9569 goes a little bit further wrt. how this problem could be solved.