How to correctly avoid BadUsb? Udev?

From: voidquestion
Date: Thu Jan 07 2016 - 02:13:09 EST


(please CC reply to my email voidquestion@xxxxx)

How to correctly avoid BadUsb? The solutions I found on the web do not seem to fully work.

Goal: when a device is attached, if it is of HID family (keyboard, mouse),
then if it is attached via USB, then I want to not authorize it to run.

The user would turn on this protection some time after boot (e.g. so that his normal USB keyboard works).

The device can play any tricks (e.g. try to report an invalid name, forge product/vendor),
try to change its function suddenly or to add more devices, or try to hit a race condition
against udev protections.

- the method of echo 0 > authorized is probably not safe (race condition)
- tried authorized_default = 1, but then I do not know what the functions of the USB device will be (e.g. if 2-1.3 will have the function of mass-storage, or maybe mass-storage and also HID)... I see that only after I authorize, so when it's too late


For example:

/sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1.3/authorized <-- I could manually set this to 1
but it seems I need these files to make sure that this is the correct device:

#cat /sys/devices/pci0000\:00/0000\:00\:1d.0/usb2/2-1/2-1.3/2-1.3\:1.0/uevent
DEVTYPE=usb_interface
DRIVER=usbhid
PRODUCT=1c4f/26/110
TYPE=0/0/0
INTERFACE=3/1/1
MODALIAS=usb:v1C4Fp0026d0110dc00dsc00dp00ic03isc01ip01in00

# cat /sys/devices/pci0000\:00/0000\:00\:1d.0/usb2/2-1/2-1.3/2-1.3\:1.1/uevent
DEVTYPE=usb_interface
DRIVER=usbhid
PRODUCT=1c4f/26/110
TYPE=0/0/0
INTERFACE=3/0/0
MODALIAS=usb:v1C4Fp0026d0110dc00dsc00dp00ic03isc00ip00in01

and they show up only after I authorize the top level 2-1.3/
am I supposed to do that blindly?

Or is it possible at this point to peek at what device type it will be... but is the kernel guaranteeing that this cannot change in some race between looking at the declared type of the device and authorization=1?



Btw this is not working for me, it disables the entire usb2 hub instead.
Plus, it is probably a mistake to first allow the device and then do echo 0 authorize;
it seems a brief moment exists between the device starting to run (if authorized_default==1)
and udev being called to perhaps disable it.

/etc/udev/rules.d/10-usbblock.rules rule contents(10-usbblock.rules):
#ACTION=="add", ATTR{bInterfaceClass}=="03" RUN+="/bin/sh -c 'echo 0 >/sys$DEVPATH/../authorized'"



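Added example (not part of the original message): Python code that parses the interface uevent dumps quoted above and flags HID interfaces by class, cross-checking INTERFACE= (decimal) against the ic/isc/ip fields of MODALIAS (hex). The function names are hypothetical and the third sample entry is constructed; the code only reads values that exist once the interfaces are visible in sysfs, so it does not settle the authorization race asked about.

```python
import re

HID_CLASS = 0x03  # bInterfaceClass for Human Interface Devices
# MODALIAS repeats the interface triplet as two-digit upper-case hex fields.
MODALIAS_RE = re.compile(r"ic([0-9A-F]{2})isc([0-9A-F]{2})ip([0-9A-F]{2})")

# Sample input: the two uevent dumps quoted in the message, plus one
# constructed mass-storage interface ("9-9:1.0") for contrast.
SAMPLE = {
    "2-1.3:1.0": "DEVTYPE=usb_interface\nDRIVER=usbhid\nPRODUCT=1c4f/26/110\n"
                 "TYPE=0/0/0\nINTERFACE=3/1/1\n"
                 "MODALIAS=usb:v1C4Fp0026d0110dc00dsc00dp00ic03isc01ip01in00\n",
    "2-1.3:1.1": "DEVTYPE=usb_interface\nDRIVER=usbhid\nPRODUCT=1c4f/26/110\n"
                 "TYPE=0/0/0\nINTERFACE=3/0/0\n"
                 "MODALIAS=usb:v1C4Fp0026d0110dc00dsc00dp00ic03isc00ip00in01\n",
    "9-9:1.0": "DEVTYPE=usb_interface\nINTERFACE=8/6/80\n"
               "MODALIAS=usb:v0000p0000d0000dc00dsc00dp00ic08isc06ip50in00\n",
}

def parse_uevent(text):
    """Split the text of a sysfs uevent file into a KEY -> value dict."""
    return dict(line.split("=", 1) for line in text.splitlines() if "=" in line)

def interface_triplet(env):
    """Return (class, subclass, protocol) from INTERFACE=, checked against MODALIAS."""
    parts = env.get("INTERFACE", "").split("/")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError("missing or malformed INTERFACE=")
    triplet = tuple(int(p) for p in parts)  # INTERFACE= values are decimal
    m = MODALIAS_RE.search(env.get("MODALIAS", ""))
    if m and tuple(int(h, 16) for h in m.groups()) != triplet:
        raise ValueError("INTERFACE= and MODALIAS disagree")
    return triplet

def describe(triplet):
    """Name a triplet; HID boot subclass 1 uses protocol 1=keyboard, 2=mouse."""
    cls, sub, proto = triplet
    if cls != HID_CLASS:
        return "not HID"
    if sub == 1:
        return {1: "HID boot keyboard", 2: "HID boot mouse"}.get(proto, "HID boot, other")
    return "HID, no boot subclass"

def hid_interfaces(uevents):
    """Sorted names of the interfaces whose class is HID."""
    return sorted(name for name, text in uevents.items()
                  if interface_triplet(parse_uevent(text))[0] == HID_CLASS)

if __name__ == "__main__":
    for name, text in sorted(SAMPLE.items()):
        print(name, describe(interface_triplet(parse_uevent(text))))
```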