Re: [systemd-devel] Udev hardening

2020-12-16 Thread Lennart Poettering
On Mo, 14.12.20 14:54, Adi Ml ([email protected]) wrote:
> Hi,
>
> I would like to harden my udev service with the
> SystemCallFilter option. What system calls should be permitted/allowed in
> order to secure it and avoid irrelevant system calls?

We apply system call filters to all long running

Re: [systemd-devel] Udev hardening

2020-12-14 Thread Greg KH
On Mon, Dec 14, 2020 at 06:18:24PM +0200, Adi Ml wrote:
> I guess that udev can block devices from userspace only, so from there.
>
> Of course, you are right, whitelist is better.
>
> As for usbguard, I thought about using seccomp and filtering system calls
> in my udev service based on their co

Re: [systemd-devel] Udev hardening

2020-12-14 Thread Adi Ml
I guess that udev can block devices from userspace only, so from there.

Of course, you are right, whitelist is better.

As for usbguard, I thought about using seccomp and filtering system calls in my udev service based on their code - I have seen that they list a group of system calls and restrict

Re: [systemd-devel] Udev hardening

2020-12-14 Thread Greg KH
On Mon, Dec 14, 2020 at 05:31:17PM +0200, Adi Ml wrote:
> I am using udev in order to create a kiosk mode. I want to block devices
> which fit a certain vid pid.

Block devices from where? The kernel or userspace? udev runs _after_ the kernel has seen the device and bound to it. And usb vid/pids

Re: [systemd-devel] Udev hardening

2020-12-14 Thread Adi Ml
I am using udev in order to create a kiosk mode. I want to block devices which fit a certain vid pid.

I want to filter system calls anyway because I don't know which devices are entered and I want to avoid devices which will do unusual things like rubber ducky.

What do you mean by filtering system

Re: [systemd-devel] Udev hardening

2020-12-14 Thread Greg KH
On Mon, Dec 14, 2020 at 04:30:58PM +0200, Adi Ml wrote:
> Hi,
> Is there some way to detect which system calls I am using in udev (in
> order to filter it)?

I don't understand, if you don't know what system calls you are needing, why do you need to filter anything? Do you not trust udev to work

Re: [systemd-devel] Udev hardening

2020-12-14 Thread Adi Ml
Hi,

Is there some way to detect which system calls I am using in udev (in order to filter it)?

I do not use any script, I just echo 0 to the authorized file in the device connected in order to disable it when it is not the wanted device (the match is based on serial number, vid, pid).

Thank you

Re: [systemd-devel] Udev hardening

2020-12-14 Thread Greg KH
On Mon, Dec 14, 2020 at 02:54:31PM +0200, Adi Ml wrote:
> Hi,
>
> I would like to harden my udev service with the
> SystemCallFilter option. What system calls should be permitted/allowed in
> order to secure it and avoid irrelevant system calls?

It all depends on what type of scripts/programs you

[systemd-devel] Udev hardening

2020-12-14 Thread Adi Ml
Hi,

I would like to harden my udev service with the SystemCallFilter option. What system calls should be permitted/allowed in order to secure it and avoid irrelevant system calls?

Thank you!