clone 764894 -1 -2
reassign -1 virt-viewer
retitle -1 SECURITY - automatically redirects USB devices to guests
reassign -2 spice-client-glib-usb-acl-helper
retitle -2 SECURITY - normal users are allowed full access to USB devices per 
default
stop


Hi Guido.

On Sun, 2014-10-12 at 19:35 +0200, Guido Günther wrote: 
> As I wrote already: jessie is already affected
Yeah I only read that in the end of your mail and added it only there :)

>  so if you care _that_
> much (which is good) please do all the work and figure out the
> affected versions (I've just done so).
Thanks a lot :)

Still, to be honest, I think one should rather prevent migration from
testing (even if it's annoying) until one knows which versions are
affected... and better have a chance to warn the users :)


> No. I mean the confer key that handles usb redirection, see
>   d81fd3c3af1abde1fa0e2bf3b79643f36836f45b
Great, thanks a lot...

> See above. This should be fixed now with redirection defaulting to off
> by default.
just tested and verified it... it no longer redirects automatically,...

But it still does in virt-viewer, so I clone the bug there.


>   /usr/share/polkit-1/actions/org.spice-space.lowlevelusbaccess.policy
Yeah,... already expected spice-client-glib-usb-acl-helper to be the
"bad guy" ;-)


> and therefore allowed for interactive users (which makes sense).
Well to be honest I think it's really dangerous what is done recently
there with polkit (even though it's not really polkit's fault itself).

Rules for it are mostly written so that interactive users have a lot of
rights, which may sound okay at first glance and which may work out
for *some* usage scenarios (tablets, single user desktops, etc.)...
But I think there are many valid usage scenarios which silently break
(in the security PoV) by that.

Apart from that, we've often seen bugs in polkit and/or the rules in the
past, and where these lax privileges caused even more pain and troubles
(I remember a case when polkit allowed local users to access the master
keys of dm-crypt devices o.O).


>  Feel
> free to dup this to spice and keep me on cc.
I'm cloning this now... hope that keeps you on CC.


> Thanks for raising this.
Sure... thanks for dealing with it so quickly :)



Cheers,
Chris.
