On 14/01/2020 10:27, James Pearson wrote:
> Gordon Messmer wrote:
>>
>> On 1/13/20 2:26 AM, James Pearson wrote:
>>> Which is a pity, as it's either an all or nothing with Bluetooth,
>>> which means we can't use Bluetooth for Wacom tablets without opening
>>> up access to file transfer over Bluetooth as well ...
>>
>>
>> What is the threat you're trying to mitigate, specifically? I don't see
>> how pairing a tablet would allow file transfers. An unauthorized device
>> can't unilaterally pair with your system.
> If you enable Bluetooth on a workstation (by starting the 'bluetooth'
> service), then a normal user on the workstation can (for example)
> transfer files to/from a mobile phone - which is something we don't allow
>
> Users don't have to have any special perms to do this - users can pair
> with any Bluetooth devices they want
>
> i.e. it isn't possible to control what a user can and can't do with
> Bluetooth - so it isn't possible to allow pairing with just particular
> (or classes of) Bluetooth devices
>

Is it possible to control behaviour with udev rules?
James Pearson
2020-Jan-15 14:02 UTC
[CentOS] Limiting what devices can pair over Bluetooth?
Phil Perry wrote:
>
>>> What is the threat you're trying to mitigate, specifically? I don't see
>>> how pairing a tablet would allow file transfers. An unauthorized device
>>> can't unilaterally pair with your system.
>> If you enable Bluetooth on a workstation (by starting the 'bluetooth'
>> service), then a normal user on the workstation can (for example)
>> transfer files to/from a mobile phone - which is something we don't allow
>>
>> Users don't have to have any special perms to do this - users can pair
>> with any Bluetooth devices they want
>>
>> i.e. it isn't possible to control what a user can and can't do with
>> Bluetooth - so it isn't possible to allow pairing with just particular
>> (or classes of) Bluetooth devices
>
> Is it possible to control behaviour with udev rules?

No idea - I haven't found anything that allows you to 'control'
Bluetooth - including any mention of udev rules

I have no idea if udev could be used in this way - nor where to start in
creating possible udev rules :-)

I asked my original question on the linux-bluetooth email list - and the
only suggestion was hacking the Bluetooth kernel modules to 'filter
connection requests at the PSM level' ...

Thanks

James Pearson
Leon Fauster
2020-Jan-16 10:49 UTC
[CentOS] Limiting what devices can pair over Bluetooth?
On 15.01.20 at 15:02, James Pearson wrote:
> Phil Perry wrote:
>>
>>>> What is the threat you're trying to mitigate, specifically? I don't see
>>>> how pairing a tablet would allow file transfers. An unauthorized device
>>>> can't unilaterally pair with your system.
>>> If you enable Bluetooth on a workstation (by starting the 'bluetooth'
>>> service), then a normal user on the workstation can (for example)
>>> transfer files to/from a mobile phone - which is something we don't allow
>>>
>>> Users don't have to have any special perms to do this - users can pair
>>> with any Bluetooth devices they want
>>>
>>> i.e. it isn't possible to control what a user can and can't do with
>>> Bluetooth - so it isn't possible to allow pairing with just particular
>>> (or classes of) Bluetooth devices
>>
>> Is it possible to control behaviour with udev rules?
>
> No idea - I haven't found anything that allows you to 'control'
> Bluetooth - including any mention of udev rules
>
> I have no idea if udev could be used in this way - nor where to start in
> creating possible udev rules :-)
>
> I asked my original question on the linux-bluetooth email list - and the
> only suggestion was hacking the Bluetooth kernel modules to 'filter
> connection requests at the PSM level' ...
>

What's the bus that your BT is connected to, USB?

--
Leon