Leon Fauster
2020-Jan-16 10:49 UTC
[CentOS] Limiting what devices can pair over Bluetooth?
Am 15.01.20 um 15:02 schrieb James Pearson:> Phil Perry wrote: >> >>>> What is the threat you're trying to mitigate, specifically?? I don't >>>> see >>>> how pairing a tablet would allow file transfers.? An unauthorized >>>> device >>>> can't unilaterally pair with your system. >>> If you enable Bluetooth on a workstation (by starting the 'bluetooth' >>> service), then a normal user on the workstation can (for example) >>> transfer files to/from a mobile phone - which is something we don't >>> allow >>> >>> Users don't have to have any special perms to do this - users can pair >>> with any Bluetooth devices they want >>> >>> i.e. it isn't possible to control what a user can and can't do with >>> Bluetooth - so it isn't possible to allow pairing with just particular >>> (or classes of) Bluetooth devices >> >> Is it possible to control behaviour with udev rules? > > No idea - I haven't found anything that allows you to 'control' > Bluetooth - including any mention of udev rules > > I have no idea if udev could be used in this way - nor where to start in > creating possible udev rules :-) > > I asked my original question on the linux-bluetooth email list - and the > only suggestion was hacking the Bluetooth kernel modules to 'filter > connection requests at the PSM level' ... >Whats the bus that your BT is connected to, USB? -- Leon
James Pearson
2020-Jan-16 11:36 UTC
[CentOS] Limiting what devices can pair over Bluetooth?
Leon Fauster via CentOS wrote:>>> >>> Is it possible to control behaviour with udev rules? >> >> No idea - I haven't found anything that allows you to 'control' >> Bluetooth - including any mention of udev rules >> >> I have no idea if udev could be used in this way - nor where to start in >> creating possible udev rules :-) >> >> I asked my original question on the linux-bluetooth email list - and the >> only suggestion was hacking the Bluetooth kernel modules to 'filter >> connection requests at the PSM level' ... >> > > Whats the bus that your BT is connected to, USB?I'm testing on a laptop that has built-in BT - although lsusb lists: Bus 002 Device 003: ID 0cf3:e005 Qualcomm Atheros Communications which I believe is the BT controller James Pearson
Leon Fauster
2020-Jan-17 12:31 UTC
[CentOS] Limiting what devices can pair over Bluetooth?
Am 16.01.20 um 12:36 schrieb James Pearson:> Leon Fauster via CentOS wrote: >>>> >>>> Is it possible to control behaviour with udev rules? >>> >>> No idea - I haven't found anything that allows you to 'control' >>> Bluetooth - including any mention of udev rules >>> >>> I have no idea if udev could be used in this way - nor where to start in >>> creating possible udev rules :-) >>> >>> I asked my original question on the linux-bluetooth email list - and the >>> only suggestion was hacking the Bluetooth kernel modules to 'filter >>> connection requests at the PSM level' ... >>> >> >> Whats the bus that your BT is connected to, USB? > > I'm testing on a laptop that has built-in BT - although lsusb lists: > > ?Bus 002 Device 003: ID 0cf3:e005 Qualcomm Atheros Communications > > which I believe is the BT controllerI never tested it with BT devices, just with "plain" usb devices but maybe its worth to take a look at the usbguard package. It supports whitelisting devices ... -- Leon