Re: BadUSB discussion

[Greg KH <greg () kroah com>]

On Fri, Aug 08, 2014 at 11:03:58PM +0200, Yves-Alexis Perez wrote:
> On ven., 2014-08-08 at 22:41 +0200, Yves-Alexis Perez wrote:
> > > Then do just that, Linux has allowed you to do this for years, again,
> > > but very few people take advantage of it.
> >
> > Reading that thread, that's exactly what I thought about that. I guess
> > it could be a good idea to set usbcore.authorized_default to 0 when the
> > systems is locked (logind could provide that information). There's still
> > the issue that it's then not possible to unlock the system in some
> > situation (for example because you had to unplug the keyboard while
> > logged out, or stuff like that). But at least that would be a
> > possibility.
>
> Actually, since it's a module parameter, it doesn't seem possible to
> toggle it without reloading the module (or rebooting if it's builtin).
> So it might not be that easy to do the locking part.

echo "0" > /sys/module/usbcore/parameters/authorized_default