From: Luiz Augusto von Dentz
Date: Mon, 9 Mar 2020 23:27:15 -0700
Subject: Re: [BlueZ PATCH 0/2] HID and HOGP connections from non-bonded devices.
To: Marcel Holtmann
Cc: Alain Michaud, Bluez mailing list
References: <20200310023516.209146-1-alainm@chromium.org> <87A4E633-63CF-4C71-9BF6-916894790EED@holtmann.org>
In-Reply-To: <87A4E633-63CF-4C71-9BF6-916894790EED@holtmann.org>
X-Mailing-List: linux-bluetooth@vger.kernel.org

Hi Marcel,

On Mon, Mar 9, 2020 at 10:26 PM Marcel Holtmann wrote:
>
> Hi Alain,
>
> > It was discovered that BlueZ's HID and HOGP profile implementations
> > don't specifically require bonding between the device and the host.
> >
> > This creates an opportunity for a malicious device to connect to a
> > target host to either impersonate an existing HID device without
> > security or to cause an SDP or GATT service discovery to take place
> > which would allow HID reports to be injected to the input subsystem from
> > a non-bonded source.
> >
> > This patch series addresses the issue by ensuring that only connections
> > from devices that are bonded are accepted by the HID and HOGP profile
> > implementation.
> >
> > More information about the vulnerability is available here:
> > https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html
> >
> > Alain Michaud (2):
> >   HOGP must only accept data from bonded devices.
> >   HID accepts bonded device connections only.
> >
> >  profiles/input/device.c   | 23 ++++++++++++++++++++++-
> >  profiles/input/device.h   |  1 +
> >  profiles/input/hog.c      |  4 ++++
> >  profiles/input/input.conf |  8 ++++++++
> >  profiles/input/manager.c  | 13 ++++++++++++-
> >  5 files changed, 47 insertions(+), 2 deletions(-)
>
> both patches have been applied.
>
> However I changed BrBondedOnly configuration name into ClassicBondedOnly
> since that name seemed more obvious to me. The prefix Br has never been
> used and the Bluetooth SIG started calling it Classic a while back.

Looks like you were quicker than me. Anyway, I do feel like we should
attempt to bump the security instead of just refusing the connection in
the case of HoG, since we are the central and the peripheral is not
mandated to start it either. It may just be that the client application
is attempting to connect to trigger pairing on demand; that would usually
kick in later when reading the characteristics, but with these changes it
doesn't even get to that point if the device was not bonded already.

-- 
Luiz Augusto von Dentz
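
Added example (not part of the original thread and not BlueZ code): a host-side check that reports how the ClassicBondedOnly option named above is set in an input.conf read on stdin. It assumes the option sits in the [General] section and is parsed as a key-file boolean (true/false/1/0, last assignment wins); the function name and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the ClassicBondedOnly state of a BlueZ input.conf.
# Reads the file on stdin and prints exactly one word:
#   enforced - key set to true/1: classic HID limited to bonded devices
#   disabled - key set to false/0: non-bonded classic HID still accepted
#   unset    - key absent or commented out; the build's default applies
#   invalid  - key present but its value is not a boolean
# Assumption: the key lives in the [General] section of the file.
classic_bonded_only_state() {
    awk '
        BEGIN { state = "unset"; section = "" }
        { sub(/\r$/, "") }                  # tolerate CRLF line endings
        /^[ \t]*(#|$)/ { next }             # skip comments and blank lines
        /^[ \t]*\[.*\][ \t]*$/ {            # section header, e.g. [General]
            section = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            next
        }
        section == "General" {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key != "ClassicBondedOnly") next
            # A later assignment overrides an earlier one.
            if (val == "true" || val == "1")       state = "enforced"
            else if (val == "false" || val == "0") state = "disabled"
            else                                   state = "invalid"
        }
        END { print state }
    '
}

# Constructed sample: the option is present only as a comment, so the
# effective behaviour is whatever the installed build defaults to.
sample='[General]
#ClassicBondedOnly=true
'
printf '%s' "$sample" | classic_bonded_only_state
```

On a host, feed it the installed file, for example `classic_bonded_only_state < /etc/bluetooth/input.conf` (the path is an assumption and varies by distribution); any result other than `enforced` means the bonded-only restriction for classic HID is not explicitly configured.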