tech-security archive


Re: How trustworthy is that I/O device?



On 07/11/2013 20:15, Erik Fair wrote:
> There's an ancient daemon in pkgsrc: arpwatch - it keeps a database
> of seen MAC addresses on network interfaces, and reports (logs) new
> ones. Thus can a network administrator know when new devices are
> attached to his networks.

Assuming there is no device that "hides" the newly plugged device from arpwatch. If you want acceptable device logging into a network, consider using 802.1x rather than arpwatch. Hosts are not good at monitoring link layer activities. Switches are better candidates for that.

> To the extent that various hot-plug devices have unique IDs (more
> than just device classifications, e.g. "mass storage", "HID",
> "audio"), there could be an authorized (or "seen this before and
> trust it") list, perhaps managed by a daemon. If a new device shows
> up and is not in the list, no I/O is permitted (well, maybe basic
> probe/ID) until authorized explicitly. Can also be "use once" or
> "trust forever" or ...

What you want is udev/devfs. Well, an improved version of it; I find udev to be really cumbersome to use for hotplug device policy (and not that well documented either, unless you appreciate Googling for answers).

But you assume that the IDs given by the device can be trusted -- USB gadgets can fake these easily. Same goes for serials...

Let's face it, "we" (by "we" I don't mean NetBSD but Unix in general) do not even have a standard for digital sigs in ELF. So I don't expect signatures for hardware devices to become widespread any time soon.

As for sandboxing untrusted devices from the system... rump + IOMMU combo?

--
Jean-Yves Migeon
The NetBSD Foundation
http://www.NetBSD.org
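
An added example, not part of the original message and not NetBSD or udev code: a minimal model of the authorized-device list discussed in this thread, with "use once" and "trust forever" entries, showing why a list keyed on self-reported IDs cannot tell a second device reporting the same IDs from the first. The names `DeviceID` and `HotplugPolicy` and all ID values are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

PROBE_ONLY = "probe-only"  # basic probe/ID only, no further I/O
ALLOW = "allow"            # full I/O permitted


@dataclass(frozen=True)
class DeviceID:
    """Identifiers exactly as the device reports them (hypothetical model)."""
    vendor: int
    product: int
    serial: str


@dataclass
class HotplugPolicy:
    """Authorized-device list: DeviceID -> 'once' or 'forever'."""
    trusted: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def authorize(self, dev, mode="forever"):
        if mode not in ("once", "forever"):
            raise ValueError(f"unknown trust mode: {mode}")
        self.trusted[dev] = mode

    def on_attach(self, dev):
        mode = self.trusted.get(dev)
        if mode is None:
            self.log.append(("unknown", dev))  # report it, as arpwatch does for MACs
            return PROBE_ONLY
        if mode == "once":
            del self.trusted[dev]              # consumed by this attach
        self.log.append((mode, dev))
        return ALLOW


def demo():
    policy = HotplugPolicy()
    keyboard = DeviceID(0x1234, 0x0001, "KB-0001")  # constructed sample values
    stick = DeviceID(0x1234, 0x0002, "MS-0042")     # constructed sample values
    results = [policy.on_attach(keyboard)]          # not yet authorized
    policy.authorize(keyboard, "forever")
    policy.authorize(stick, "once")
    results.append(policy.on_attach(keyboard))      # trusted forever
    results.append(policy.on_attach(stick))         # first use of a one-shot entry
    results.append(policy.on_attach(stick))         # one-shot entry already consumed
    # A different physical device that reports the same identifiers:
    # the policy sees only the reported values, so it compares equal.
    lookalike = DeviceID(0x1234, 0x0001, "KB-0001")
    results.append(policy.on_attach(lookalike))
    return results
```

The last decision is `allow`, which is the limitation raised in the reply: without a device-side credential the host can verify, the list authenticates reported strings, not hardware.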

