Prompt before activating non-storage USB devices plugged after login

In advance, I’ll admit I’m new to this area (udev rules), so keep in mind that this might not be sensible.

Ref: http://askubuntu.com/questions/531445/only-use-mass-storage-devices-on-a-selected-usb-port-how

The thought was that Tails could implement something like what is described above, in order to mitigate compromised BadUSB devices. The thought was that most devices connected after boot will be storage, and anything else (particularly input devices) would require user intervention via a prompt.

As I’m thinking, right after boot, a script could prevent any further USB devices from connecting if the driver is not usb-storage. Some privileged daemon would monitor for new devices, and prompt the user on recognition, which would write a new permissive udev rule to allow that device (perhaps restricted by device class).

Original created by @patcon on 8989 (Redmine)
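
The decision and rule-writing steps proposed in the issue above, as an added sketch (not part of the original issue and not Tails code). The function names `decide` and `permissive_rule` are hypothetical, the vendor/product/serial values are constructed samples, and the example assumes the baseline block is enforced through the kernel's USB `authorized` attribute.

```python
import re

MASS_STORAGE = "08"  # USB-IF class code for mass storage
# Names for a few other USB-IF class codes, used only in the prompt text.
CLASS_NAMES = {"03": "HID (keyboard/mouse)", "02": "communications",
               "09": "hub", "e0": "wireless controller", "ff": "vendor specific"}

HEX4 = re.compile(r"[0-9a-f]{4}")
SAFE_SERIAL = re.compile(r"[A-Za-z0-9._-]{1,64}")


def decide(interface_classes):
    """Return ("allow", []) for a storage-only device, else ("prompt", reasons)."""
    classes = [c.lower() for c in interface_classes]
    if not classes:
        return "prompt", ["no interface descriptors available"]
    # A composite device (storage plus HID, for example) must not pass as storage.
    extra = sorted({c for c in classes if c != MASS_STORAGE})
    if not extra:
        return "allow", []
    return "prompt", [CLASS_NAMES.get(c, "class 0x" + c) for c in extra]


def permissive_rule(vendor_id, product_id, serial=None):
    """Build the udev rule written after the user approves a prompted device."""
    vid, pid = vendor_id.lower(), product_id.lower()
    if not (HEX4.fullmatch(vid) and HEX4.fullmatch(pid)):
        raise ValueError("vendor/product id must be four hex digits")
    keys = ['ACTION=="add"', 'SUBSYSTEM=="usb"', 'ENV{DEVTYPE}=="usb_device"',
            'ATTR{idVendor}=="%s"' % vid, 'ATTR{idProduct}=="%s"' % pid]
    if serial is not None:
        # The serial string is device-controlled: refuse anything that could
        # break out of the quoted value or act as a glob in a root-owned rules file.
        if not SAFE_SERIAL.fullmatch(serial):
            raise ValueError("serial contains characters unsafe for a udev rule")
        keys.append('ATTR{serial}=="%s"' % serial)
    # Assumption: devices are blocked through the kernel's `authorized` attribute.
    return ", ".join(keys + ['ATTR{authorized}="1"'])


if __name__ == "__main__":
    # Constructed samples: a plain flash drive, then a storage+HID composite.
    print(decide(["08"]))
    print(decide(["08", "03"]))
    print(permissive_rule("1234", "abcd", "SAMPLE-0001"))
```

Vendor ID, product ID and serial are all reported by the device itself, so a rule keyed on them identifies what the device claims to be rather than proving what it is.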