Re: BadUSB discussion

[Yves-Alexis Perez <corsac () debian org>]

On ven., 2014-08-08 at 14:36 -0700, Greg KH wrote:
> On Fri, Aug 08, 2014 at 11:27:06PM +0200, Yves-Alexis Perez wrote:
> > On ven., 2014-08-08 at 14:20 -0700, Greg KH wrote:
> > > > Actually, since it's a module parameter, it doesn't seem possible to
> > > > toggle it without reloading the module (or rebooting if it's
> > > builtin).
> > > > So it might not be that easy to do the locking part.
> > >
> > > echo "0" > /sys/module/usbcore/parameters/authorized_default
> >
> > I did that, but unplugging/replugging my mouse still works after that.
>
> Hm, not good, take it to the linux-usb () vger kernel org mailing list and
> we can debug it there.
To follow up on this.

The correct way to do this is to do:

for bus in /sys/bus/usb/usb*;
do
  echo 0 > ${bus}/authorized_default
done

to disable registration of new USB devices (kernel will still enumerate
them, but no driver will handle them).

Echo 1 (or -1) to re-enable registration. Current devices will keep
working. If you want to completely disable a bus (including power), use
'authorized' instead of 'authorized_default' sysfs entry.

Regards,
-- 
Yves-Alexis

Attachment: signature.asc
Description: This is a digitally signed message part