Prompt before activating non-storage USB devices plugged after login
In advance, I’ll admit I’m new to this area (udev rules), so keep in mind that this might not be sensible.
Ref: http://askubuntu.com/questions/531445/only-use-mass-storage-devices-on-a-selected-usb-port-how
The thought was that Tails could implement something like what is described above, in order to mitigate compromised BadUSB devices. The thought was that most devices connected after boot will be storage, and anything else (particularly input devices) would require user intervention via prompt.
As I’m thinking, right after boot, a script could prevent any further USB devices from connecting if the driver is not usb-storage. Some privileged daemon would monitor for new devices, and prompt the user on recognition, which would write a new permissive udev rule to allow that device (perhaps restricted by device class).
Related issues
- Is duplicate of #9569
Original created by @patcon on 8989 (Redmine)
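The class-based decision proposed in this issue, sketched as an added example (not code from the reporter or from Tails). It assumes the monitoring daemon can read each new device's `bInterfaceClass` values from a sysfs-style directory; the function names and the sample tree are hypothetical and constructed for the demo. A device is allowed without a prompt only if every interface is mass storage, so a stick that also exposes a keyboard interface still triggers the prompt.

```python
import os
import tempfile

MASS_STORAGE = "08"  # USB interface class code for mass storage (HID is "03")

def interface_classes(dev_path):
    """Return the bInterfaceClass of every interface under a sysfs-style device dir."""
    classes = []
    for entry in sorted(os.listdir(dev_path)):
        attr = os.path.join(dev_path, entry, "bInterfaceClass")
        if os.path.isfile(attr):
            with open(attr) as f:
                classes.append(f.read().strip().lower())
    return classes

def decide(dev_path):
    """Return 'allow' only if every interface is mass storage, else 'prompt'."""
    classes = interface_classes(dev_path)
    # An empty list means nothing could be classified: fail closed and prompt.
    if classes and all(c == MASS_STORAGE for c in classes):
        return "allow"
    return "prompt"

def make_fake_device(root, name, classes):
    """Build a constructed sysfs-like tree so the example runs offline."""
    dev = os.path.join(root, name)
    os.makedirs(dev, exist_ok=True)
    for i, cls in enumerate(classes):
        iface = os.path.join(dev, f"{name}:1.{i}")
        os.makedirs(iface)
        with open(os.path.join(iface, "bInterfaceClass"), "w") as f:
            f.write(cls + "\n")
    return dev

def demo():
    """Classify four constructed devices and return {name: decision}."""
    samples = {
        "1-1": ["08"],        # plain flash drive
        "1-2": ["03"],        # keyboard
        "1-3": ["08", "03"],  # composite: storage plus HID
        "1-4": [],            # no interfaces readable
    }
    with tempfile.TemporaryDirectory() as root:
        return {n: decide(make_fake_device(root, n, c)) for n, c in samples.items()}

if __name__ == "__main__":
    print(demo())
```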