Date: Wed, 1 Nov 2017 18:58:54 +0000 (UTC)
From: Conrad Meyer <cem@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r325287 - in head/etc: defaults rc.d
Message-ID: <201711011858.vA1Iws0K064364@repo.freebsd.org>
Author: cem Date: Wed Nov 1 18:58:54 2017 New Revision: 325287 URL: https://svnweb.freebsd.org/changeset/base/325287 Log: bluetooth: Default to discoverable off Try to not expose bluetooth devices to external devices unless the user explicitly configures it, like any other radio/network device. Bluetooth has a long history of security problems and it is probably best to keep it disabled if not needed. Users who do use the bluetooth device should enable "discoverable" in bluetooth.device.conf(5) after this change. Keep in mind that bluetooth addresses can be discovered by passive monitoring or whole address-space scans[0], so a safety conscious user should also disable "connectable" in bluetooth.device.conf(5). [0]: https://www.sans.edu/cyber-research/security-laboratory/article/bluetooth Reviewed by: emax, hselasky Security: maybe Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D12831 Modified: head/etc/defaults/bluetooth.device.conf head/etc/rc.d/bluetooth Modified: head/etc/defaults/bluetooth.device.conf ============================================================================== --- head/etc/defaults/bluetooth.device.conf Wed Nov 1 18:49:45 2017 (r325286) +++ head/etc/defaults/bluetooth.device.conf Wed Nov 1 18:58:54 2017 (r325287) @@ -65,7 +65,7 @@ # NO or 0 do not scan for inquiry requests; # YES or 1 scan for inquiry requests (default). -# discoverable="YES" +# discoverable="NO" # The encryption_mode parameter controls if the device requires encryption # to the remote device at connection setup. At connection setup, only the Modified: head/etc/rc.d/bluetooth ============================================================================== --- head/etc/rc.d/bluetooth Wed Nov 1 18:49:45 2017 (r325286) +++ head/etc/rc.d/bluetooth Wed Nov 1 18:58:54 2017 (r325287) 
@@ -287,7 +287,7 @@ bluetooth_start() bluetooth_device_authentication_enable="0" bluetooth_device_class="ff:01:0c" bluetooth_device_connectable="1" - bluetooth_device_discoverable="1" + bluetooth_device_discoverable="0" bluetooth_device_encryption_mode="0" bluetooth_device_hci_debug_level="3" bluetooth_device_l2cap_debug_level="3"
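Review bot: In the head/etc/defaults/bluetooth.device.conf hunk, the context comment still reads "YES or 1 scan for inquiry requests (default)." while the commented-out sample right below it now shows discoverable="NO", so the file documents two different defaults. Move the "(default)" marker to the "NO or 0 do not scan for inquiry requests" line so the comment agrees with the value now set in rc.d/bluetooth.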
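Review bot: In bluetooth_start() in head/etc/rc.d/bluetooth, the context line bluetooth_device_connectable="1" stays as the default, so with discoverable off the device still answers connection requests from any peer that already knows its address; the same block also keeps bluetooth_device_authentication_enable="0" and bluetooth_device_encryption_mode="0". The log message already advises disabling "connectable" for safety-conscious users, so either change that default in a follow-up or repeat the advice in the comment for the connectable parameter in bluetooth.device.conf, where users editing the file will see it.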