From: "J. Roeleveld"
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: Linux USB security holes.
Date: Thu, 09 Nov 2017 07:10:41 +0100
Message-ID: <13135444.CUWVRDMnju@andromeda>
In-Reply-To: <20171108193537.5art3runhcttu7h3@matica.foolinux.mooo.com>

On Wednesday, November 8, 2017 8:35:37 PM CET Ian Zimmerman wrote:
> On 2017-11-08 05:53, J. Roeleveld wrote:
> > From what I read, you need physical access.
>
> According to Solar, for whom I have developed great respect, this is not
> necessarily so:
>
> http://www.openwall.com/lists/oss-security/2017/11/08/5

I stand corrected. Forgot about this possible avenue.
But this will still require the person already has access to the system. I think for most users with just a personal desktop, this is less likely.

It does bring another possible access, most servers have iKVM/IPMI systems installed for remote management. Those also allow USB devices to be connected over network.
I would, however, class access to these parts of the system as "physical" access.

--
Joost