Message-Id: <201709212220.v8LMK45d026318@fire.js.berklix.net>
To: Hans Petter Selasky
cc: freebsd-usb@freebsd.org, freebsd-security@freebsd.org, Astrid Jekat
Subject: Re: Re.: BadUSB - On Accessories that Turn Evil, by Karsten Nohl + Jakob Lell
From: "Julian H. Stacey"
Organization: http://berklix.eu BSD Unix Linux Consultants, Munich Germany
In-reply-to: Your message "Wed, 20 Sep 2017 22:18:02 +0200."
Date: Fri, 22 Sep 2017 00:20:03 +0200

Hi all

Hans Petter Selasky wrote:
> On 09/20/17 20:06, Julian H. Stacey wrote:
> > A tiny diff to make it easier to grep sysctl descriptions:
> > http://www.berklix.com/~jhs/src/bsd/fixes/FreeBSD/src/gen/sys/dev/usb/usb_hub.c.REL=12.0-CURRENT.diff
>
> Hi,
>
> Please wrap the long string in multiple pieces

Done.

> before committing it.

See below

> Looks good. Hope the sysctl has saved you some trouble :-)

I'm not much exposed, but enthuse to others more exposed, how quickly
you provided it once the risk was spotted :-). Hopefully those most
at risk will enable it most, & like a firewall, may be ignorant if
it saves them. I'm going to have my /etc/rc.conf enable it for all
domains where `hostname` is not in my home domain.

> --HPS

> From: Gary Jennejohn
> I suppose Hans means "submitting it." Julian should probably
> open a bug report and attach his diff to it.

Done, https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=222505

> Julian did at one time, many years ago, have a commit bit. But I
> doubt he does now.

Yes unfortunately my commit bit evaporated way back, lack of use.

> From: "WhiteWinterWolf (Simon)"

Thanks for a post with many good points, starting:
> malicious mouse offers plenty of space to store all the chips you may

Thanks Gary for pointing out German CT magazine issue 18/2017
https://www.heise.de/ct/ausgabe/2017-18-Gefahr-durch-angriffslustige-Hardware-3800729.html

For those who can't read German:
Normally I just point to http://www.berklix.org/trans/
But currently as
 - Google have damaged their translator, no longer accept URLs
 - & Bing won't translate https, only http
Temporarily there's http://www.berklix.org/trans/ct/

Cheers,
Julian
--
Julian H. Stacey, Computer Consultant, BSD Linux Unix Systems Engineer, Munich
 Reply below, Prefix '> '. Plain text, No .doc, base64, HTML, quoted-printable.
 http://berklix.eu/queen/ Petition to get 3.5 million UK votes back.