On Fri, Apr 26, 2019 at 03:10:19PM +0200, Thiébaud Weksteen wrote:
> Does anyone have any preference?
I think minimizing the number of prompts to the user would be
preferable, honestly.
I would do the following changes in the Debian package:
1. PresentDevicePolicy=keep - just to avoid breaking existing setups
while still providing *some* security for new devices (although the
rule generation thing does that, this is easier to implement in the
Debian package). Note that I am not clear on the difference between
=keep and =allow, so take this with a grain of salt. Upstream says
this is preferably kept to apply-policy because an attacker might
crash the USBguard daemon to get their device rejected, but I'm not
sure it's that much of a threat model.
2. Add `plugdev` to the IPCAllowedGroups setting. It's commonly the
group that is allowed to deal with pluggable devices, and it's not a
big compromise to allow them to decide what gets plugged in or not.
This ensures that normal users can interact with the USBguard daemon
and do stuff in case the above fails.
I think enforcing new devices confirmation then becomes safe enough and
meaningful, without having to otherwise prompt the user.
A.