Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp2175797ybl; Thu, 9 Jan 2020 08:09:04 -0800 (PST) X-Google-Smtp-Source: APXvYqwFUdmqkjKlcxRPFf18WfeQ6tJVkBkcDNdN9D7EtAI/FdoZ/jfEuT32JNoLqJviP4HY14tH X-Received: by 2002:aca:3846:: with SMTP id f67mr3549473oia.61.1578586143868; Thu, 09 Jan 2020 08:09:03 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1578586143; cv=pass; d=google.com; s=arc-20160816; b=KQhkCNNrI1r4X+Q8quGcewFRLe9h0Fygqg8p92U0UhEhU2+UtzLfX7cQeZEAT/ZfBK Mm5zNVeqsJViOQpxbZh3P8z6z99dC+f8HOU1obzc7dpkS8LBrzaR6ugK75DaB8yOBuKl pu5gJFwVi0J1TbST+oq8YHu18Rbzb8wgDUtF2d/vzIvi96r8uXUWOLKOoKVer03rnuEu S5QF8QGgI+APWOOFnszc6NEy7p4mABr+vhd4tYOFBr0TIXFX8pp36tdmq7BmlCbpcKgH n438RRXQSFsYHsy7ja6k1tptGHX74jq75Zplcunmhf/Pau//cjxwdztLR1O45DtQ6jxL 4LSg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:in-reply-to :mime-version:user-agent:date:message-id:from:references:cc:to :subject:dkim-signature; bh=nl02X2MSsB6Y8zCo0BrJLVZ7x7My2N6msAvd9peqmRM=; b=AoZhe7zUjdXqKjO2u9p20Ch8/yLMOXE9TpPxBBJ4NzGdJ84MxzL4QDQSZ74agM0Agc +oeG2M/qkrJBj1DTv5qBI2KxE5aQVaOuaSCsEwa1pZhlAkUVzSpeOpWFajKIwmCf3YfR WTRXGdqUug560k1rNJMFuiF/D/JyYII8yuin0KOI6VUMJgCt+x2gy7Kcq+/uOmcnDq4e eQSj8NYMXTndnWjnXEiUqzZMToVpkLz4LxO9toEKPGgYMrR95pepK9lyOTwPMynCcb3c RdnENZC2yThRMmtKnvLo+tMYn/Yy+GP/1CKk6VqtB55HJCaPqEp1n2C/GaXBmlyIPyvP NxKQ== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@technicolor.onmicrosoft.com header.s=selector2-technicolor-onmicrosoft-com header.b=ber9aJO1; arc=pass (i=1 spf=pass spfdomain=moving-picture.com); spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u16si4126737otq.92.2020.01.09.08.08.36; Thu, 09 Jan 2020 08:09:03 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@technicolor.onmicrosoft.com header.s=selector2-technicolor-onmicrosoft-com header.b=ber9aJO1; arc=pass (i=1 spf=pass spfdomain=moving-picture.com); spf=pass (google.com: best guess record for domain of linux-bluetooth-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-bluetooth-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730166AbgAIOxv (ORCPT + 99 others); Thu, 9 Jan 2020 09:53:51 -0500 Received: from mail-co1nam11on2092.outbound.protection.outlook.com ([40.107.220.92]:15998 "EHLO NAM11-CO1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1730123AbgAIOxv (ORCPT ); Thu, 9 Jan 2020 09:53:51 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=a87RU1L9nESVESFek8vb0CrVATMlBMMD0OUqVkFIhzmLxiKbqm1DRpfAwc8oFAVLpF7VfjsFQDdVeSF4UiUkVY2FFqJE3lyHbd3P8u9pJOS8oQIcz4MgWFgoD2yK3xtGwhLhWXNqfHMH1KDItuIyBP58xyISnzZR83PMVe8KlnU04FOzjOS606jj9T2JIH4dGH417zZezzXZ4Qh33WAZPLZX9VCYDQIpKf3DOv3FaRQiLysyf5DkKwJJscb3xx9G6ollq7/K7fUV24rOSzzjrqvPckZd9N2QIYeBvMSU6nbEXMUkkMyTzTnfQRpci0yIcdcV4K1l/jAiO49RKx7+3g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nl02X2MSsB6Y8zCo0BrJLVZ7x7My2N6msAvd9peqmRM=; b=jIv0VxsW37upLamv99U3A8Fw9JyiNYjN3sYTo21Bx32sl7WgktRfGP0EbPGp28no0RYHXt5jd3S5VLJZCgK5SPbz/37YZn+Q4xuIYdc5kCJn15VudHkS11a7NKS4IocV6i4F3cjPGM6iDTr0L9bb5CSfyEnzDHo4Vshhd7OczQbByzq2YOLXh4yK6icNKAtPSaJV4wHTFUxkOkL/56j9b7Tgt85P1mV29Os0bh/liDM/sD0ddFWAiOML0r1m96rOMkfLBdPTWVk+fH/KX7mtaddJMos12yqN/u3tnL1dOXK6pilmxdplt8lIK5Kd0K+XhK36KA0cT3t9lgaKJDS5Zw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 193.203.95.25) smtp.rcpttodomain=gmail.com smtp.mailfrom=moving-picture.com; dmarc=bestguesspass action=none header.from=moving-picture.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=technicolor.onmicrosoft.com; s=selector2-technicolor-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nl02X2MSsB6Y8zCo0BrJLVZ7x7My2N6msAvd9peqmRM=; b=ber9aJO1OVj8oBykLcvYKQai2AJSmVTVcfhkYR13IGD3EzMmrBLPq36wTTp8SivGZNhhuha9RUjFhE0sBM12XhwELj4gKACGkyBHob41Uoo+V4pqix8dblY3upDaz2fseLLeVpokl/QXU/hU+o2ildVV0XinBovmb79xI2Y2n+g= Received: from BYAPR02CA0050.namprd02.prod.outlook.com (2603:10b6:a03:54::27) by DM5PR02MB2363.namprd02.prod.outlook.com (2603:10b6:3:51::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2602.10; Thu, 9 Jan 2020 14:53:49 +0000 Received: from BN3NAM04FT011.eop-NAM04.prod.protection.outlook.com (2a01:111:f400:7e4e::201) by BYAPR02CA0050.outlook.office365.com (2603:10b6:a03:54::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2602.15 via Frontend Transport; Thu, 9 Jan 2020 14:53:49 +0000 Authentication-Results: spf=pass (sender IP is 193.203.95.25) smtp.mailfrom=moving-picture.com; gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=bestguesspass action=none header.from=moving-picture.com; Received-SPF: Pass (protection.outlook.com: domain of moving-picture.com designates 193.203.95.25 as permitted sender) receiver=protection.outlook.com; client-ip=193.203.95.25; helo=email.moving-picture.com; Received: from email.moving-picture.com (193.203.95.25) by BN3NAM04FT011.mail.protection.outlook.com (10.152.92.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2623.9 via Frontend Transport; Thu, 9 Jan 2020 14:53:48 +0000 Received: from frijj.mpc.local (10.64.66.72) by LNDWSCAS01b.ad.mpc.local (10.14.193.79) with Microsoft SMTP Server id 14.3.408.0; Thu, 9 Jan 2020 14:53:43 +0000 Subject: Re: Limiting what devices can pair over Bluetooth? To: Luiz Augusto von Dentz CC: "linux-bluetooth@vger.kernel.org" References: <85C0B54E4752CA4F873E7C78CF0B26F5020662DB2C@LNDWSMBX02.ad.mpc.local> From: James Pearson Message-ID: <10177aaf-cc9a-d807-9265-58bbb69c8386@moving-picture.com> Date: Thu, 9 Jan 2020 14:53:42 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49.5 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: 7bit X-Originating-IP: [10.64.66.72] X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-HT: Tenant X-Forefront-Antispam-Report: CIP:193.203.95.25;IPV:;CTRY:GB;EFV:NLI;SFV:NSPM;SFS:(10019020)(346002)(376002)(39860400002)(396003)(136003)(199004)(189003)(86362001)(81166006)(31686004)(8936002)(5660300002)(36756003)(81156014)(2906002)(31696002)(8676002)(336012)(6916009)(2616005)(316002)(26005)(478600001)(356004)(4326008)(186003)(70206006)(70586007)(16526019)(36906005);DIR:OUT;SFP:1102;SCL:1;SRVR:DM5PR02MB2363;H:email.moving-picture.com;FPR:;SPF:Pass;LANG:en;PTR:soho95-25.sohonet.co.uk;A:1;MX:1; X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 4d1d61f5-add8-45e1-3470-08d79513bbd4 X-MS-TrafficTypeDiagnostic: DM5PR02MB2363: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:10000; X-Forefront-PRVS: 02778BF158 X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: OXOAsDkBUzBv4ACbquSQ5uT71PXd/go3X84gLOE3L4aIwV7kT4h5SgAH1aQ/DLU2rLZ98WtxQWG3SrmYXzryn0nevKMl19fzu2koZeJ7L5pXk1pWgybfMvdu1ijf8Yj/J9vpP8P2tIGyERNdRbDYEvgyi4GB/3nmLltXqa9VMZLqXIxx0uXithmt7Vj8h2LRalkwpdDieGmTzyMfI+6ZK7VLWsB4H46BWRnwoVRuiN51DDpF+yNQ+arH6FUCKalPqN5hjQsKAPBX5lcuWlbBaOAZVcKLvdH87Do4Dyngs1CPCqVBCaxb8DVXIrhyhTaYzhjKVd1zEXGp/GFF7z2sTPtXVbNM0GNGX88bJ8nLjZSmNMxEPne39NGqX5QiVJdvkpjz/Uv8ZX/xKHDmccs9lQdqu1HDrPYKCElQqKg9q3jAtoLTuNmeYp5qJrYc/dly X-OriginatorOrg: moving-picture.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Jan 2020 14:53:48.0655 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 4d1d61f5-add8-45e1-3470-08d79513bbd4 X-MS-Exchange-CrossTenant-Id: 036da35c-ba43-4e4a-9bff-72ec0f508621 X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=036da35c-ba43-4e4a-9bff-72ec0f508621;Ip=[193.203.95.25];Helo=[email.moving-picture.com] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR02MB2363 Sender: linux-bluetooth-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-bluetooth@vger.kernel.org Luiz Augusto von Dentz wrote: > >> My aim is to prevent Bluetooth being used (in any way) to transfer >> files/data on/off the workstation >> >> I've found that if I blacklist the bnep, cmtp and rfcomm kernel modules >> (just leaving the bluetooth and hidp kernel modules enabled) then the >> Wacom tablet still works over Bluetooth > > bnep is for tethering, depending on the system that might be useful, > and if you block RFCOMM you no only block usage of file transfer but > also HFP, but perhaps you don't care about those so that would be fine > to disable. Btw, for getting file sharing you would just need to > disable obexd though it doesn't seems it is a user service which you > can disable with systemctl. > >> Would this be sufficient to prevent any kind of file transfer over >> Bluetooth ? Looks like with these kernel modules disabled, I can still use 'bluetooth-send' to send a file to a paired (Android) phone ... removing the OS provided obexd binary prevents bluetooth-send from running, but it doesn't stop a user running their own copy of obexd So it looks like, in our case, we won't be able to use a Wacom tablet over Bluetooth - without opening up a whole can of worms ... which is a shame Thanks James Pearson