From: Greg KH <gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>
To: Steve Grubb <sgrubb-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: linux-audit-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
	wmealing <wmealing-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	linux-usb-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [RFC] Create an audit record of USB specific details
Date: Mon, 4 Apr 2016 14:53:02 -0700
Message-ID: <20160404215302.GC26580@kroah.com>
In-Reply-To: <20160404214843.GA26580-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>

On Mon, Apr 04, 2016 at 02:48:43PM -0700, Greg KH wrote:
> On Mon, Apr 04, 2016 at 05:33:10PM -0400, Steve Grubb wrote:
> > On Monday, April 04, 2016 05:56:26 AM Greg KH wrote:
> > > On Mon, Apr 04, 2016 at 12:02:42AM -0400, wmealing wrote:
> > > > From: Wade Mealing <wmealing-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
> > > > 
> > > > Gday,
> > > > 
> > > > I'm looking to create an audit trail for when devices are added or removed
> > > > from the system.
> > > 
> > > Then please do it in userspace, as I suggested before, that way you
> > > catch all types of devices, not just USB ones.
> > > 
> > > Also I don't think you realize that USB interfaces are what are bound to
> > > drivers, not USB devices, so that is going to mess with any attempted
> > > audit trails here.  How are you going to distinguish between the 5
> > > different devices that just got plugged in that all have 0000/0000 as
> > > vid/pid for them because they are "cheap" devices from China, yet do
> > > totally different things because they are different _types_ of devices?
> > 
> > This sounds like vid/pid should be captured in the event.
> 
> The code did that, the point is, vid/pid means nothing in the real
> world.  So why are you going to audit anything based on it? :)

Oh wait, it's worse, it is logging strings, which are even more
unreliable than vid/pid values.  It's pretty obvious this has not been
tested on any large batch of real-world devices, or thought through as
to why any of this is even needed at all.

So why is this being added?  Who needs/wants this?  What are their
requirements here?  From what I recall, the author is just messing
around with the USB subsystem and audit as something fun to do, which is
great, but don't expect it to be mergeable :)

thanks,

greg k-h
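
Added example, not part of the original message or of the patch under discussion: a userspace sketch of the two points quoted above, auditing hotplug events from kernel uevents and keying the record on the USB interface class rather than on vid/pid. The uevent payloads are constructed samples trimmed to the keys used here, and the function names and record fields are assumptions made for illustration.

```python
# Added example: audit USB hotplug events per interface from kernel uevents.
# The payloads below are constructed samples in the kernel uevent layout
# (header, then NUL-separated KEY=VALUE pairs); they are not captured data.
USB_CLASS = {1: "audio", 2: "cdc", 3: "hid", 8: "mass-storage", 9: "hub",
             14: "video", 255: "vendor-specific"}

SAMPLE_EVENTS = [
    b"add@/devices/usb1/1-1/1-1:1.0\0ACTION=add\0SUBSYSTEM=usb\0"
    b"DEVTYPE=usb_interface\0PRODUCT=0/0/100\0INTERFACE=3/1/1\0",
    b"add@/devices/usb1/1-2/1-2:1.0\0ACTION=add\0SUBSYSTEM=usb\0"
    b"DEVTYPE=usb_interface\0PRODUCT=0/0/100\0INTERFACE=8/6/80\0",
    b"add@/devices/usb1/1-2\0ACTION=add\0SUBSYSTEM=usb\0"
    b"DEVTYPE=usb_device\0PRODUCT=0/0/100\0",
]


def parse_uevent(raw):
    """Split one uevent payload into (devpath, {KEY: VALUE})."""
    header, *fields = raw.rstrip(b"\0").split(b"\0")
    _, _, devpath = header.decode().partition("@")
    env = dict(f.decode().split("=", 1) for f in fields if b"=" in f)
    return devpath, env


def audit_record(raw):
    """Return an audit dict for a USB interface event, else None."""
    devpath, env = parse_uevent(raw)
    if env.get("SUBSYSTEM") != "usb" or env.get("DEVTYPE") != "usb_interface":
        return None  # drivers bind to interfaces, so those are what we audit
    # PRODUCT is hex vendor/product/bcdDevice; INTERFACE is decimal
    # class/subclass/protocol.
    vid, pid, _bcd = (int(x, 16) for x in env["PRODUCT"].split("/"))
    cls, sub, proto = (int(x) for x in env["INTERFACE"].split("/"))
    return {
        "action": env["ACTION"],
        "devpath": devpath,
        "vidpid": f"{vid:04x}/{pid:04x}",
        "class": USB_CLASS.get(cls, f"class-{cls}"),
        "subclass": sub,
        "protocol": proto,
    }


def audit_all(events):
    """Audit every interface event in the list, skipping everything else."""
    return [r for r in map(audit_record, events) if r is not None]


if __name__ == "__main__":
    for rec in audit_all(SAMPLE_EVENTS):
        print(rec)
```

Both sample interfaces report 0000/0000 as vid/pid; only the interface class (HID versus mass storage) tells them apart in the resulting records.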