From: Bastien Nocera <hadess@hadess.net>
To: Johan Hedberg <johan.hedberg@gmail.com>
Cc: Antonio Ospite <ospite@studenti.unina.it>,
linux-bluetooth@vger.kernel.org
Subject: Re: [PATCH BlueZ 0/2] Add device_set_trusted()
Date: Fri, 15 Feb 2013 10:17:11 +0100 [thread overview]
Message-ID: <1360919831.2283.43.camel@novo> (raw)
In-Reply-To: <20130215085726.GA10022@x220>
On Fri, 2013-02-15 at 10:57 +0200, Johan Hedberg wrote:
> Hi Bastien,
>
> On Fri, Feb 15, 2013, Bastien Nocera wrote:
> > > This patch set makes me a bit uneasy since setting a device as trusted
> > > is a security sensitive operation. My initial reaction is that this
> > > should only be done through explicit user interaction, i.e. through the
> > > D-Bus interface.
> >
> > How is using D-Bus interface "user interaction"? It's not any more user
> > interaction than doing it this way, which avoid going out through the
> > public interface for something we are setting up ourselves.
>
> Typically you'd get a pop-up dialog on the next connect attempt from
> this device "accept connection from foo?" with a check-box or similar to
> elect setting it as trusted. Alternatively the stuff that this plugin
> does upon initial device setup could cause a similar pop-up dialog to be
> presented to the user.
That's possible, technically, but it's not how the device gets set up
when used in its original environment (eg. when plugged into a PS3).
> > > I'm also worried that plugins will start misusing this
> > > API once it's available.
> >
> > I think that it's completely fair for plugins that *do* set up devices
> > to call this function. That's what the plugin is all about. Seeing as
> > devices should be marked as trusted to be usable, I see no reason that
> > this shouldn't be done automatically.
>
> How does the plugin that this API is primarily targeted for setup the
> device? Does it do it through some physical connection like USB?
Yes. When you plug the device in, we tell it which adapter to connect to
when used without a cable, and set ourselves up locally so that we can
accept its connection without any more interaction.
> In such
> a case it's probably fine to skip the user interaction part since if
> you've got physical access to the device there are much severe security
> issues to consider.
Yes, the user would already have had the joypad plugged into the
computer before any setup would have been made.
next prev parent reply other threads:[~2013-02-15 9:17 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-03 16:14 [PATCH BlueZ 0/2] Add device_set_trusted() Antonio Ospite
2013-02-03 16:14 ` [PATCH BlueZ 1/2] device: add a device_set_trusted() function Antonio Ospite
2013-02-03 16:14 ` [PATCH BlueZ 2/2] device: use device_set_trusted() in set_trust() Antonio Ospite
2013-02-03 17:32 ` Anderson Lizardo
2013-02-03 17:51 ` Antonio Ospite
2013-02-03 18:27 ` Anderson Lizardo
2013-02-10 21:30 ` [PATCH BlueZ 0/2] Add device_set_trusted() Antonio Ospite
2013-02-15 8:36 ` Johan Hedberg
2013-02-15 8:40 ` Bastien Nocera
2013-02-15 8:57 ` Johan Hedberg
2013-02-15 9:17 ` Bastien Nocera [this message]
2013-02-15 9:24 ` Johan Hedberg
2013-02-15 9:27 ` Johan Hedberg
2013-02-15 11:01 ` Antonio Ospite
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1360919831.2283.43.camel@novo \
--to=hadess@hadess.net \
--cc=johan.hedberg@gmail.com \
--cc=linux-bluetooth@vger.kernel.org \
--cc=ospite@studenti.unina.it \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox