-
Should account
user(inUSERsession) be able to use usbguard-notifieryes/nobuttons?
When a new USB device is attached, USBGuard Notifier shows a passive popup withyes/nobuttons. -
Behavior of the buttons:
- Pressing
no: nothing happens (default behavior) - Pressing
yes: the USB device is allowed
- Pressing
-
Alternative policy option:
It could be configured so that only thesysmaintaccount (in theSYSMAINTsession) is allowed to authorize devices using theyesbutton. -
Question about the threat model:
What threat model are we actually trying to address with USBGuard? -
Scenario 1: untrusted user with unlocked screen:
Is someone physically present at the computer with an unlocked screen considered a threat? For example, in a corporate environment, an untrusted employee might insert a malicious USB device. -
Scenario 2: trusted user with unlocked screen:
Or is the assumption that if the screen is unlocked, the logged-in user is trusted and should be allowed to authorize new USB devices by clickingyes? This would align more with a personal computer context, where only trusted users can unlock the screen. -
Main use case for USBGuard?
Is the goal to have USBGuard protect the system only while the screen is locked, relying on users not to authorize unexpected USB devices when logged in?
Aaron: usbguard-notifier allows users to ad-hoc allow and deny USB devices when they are attached. Should we allow the
qubesandsudogroups to havemodifypermissions in usbguard as well to allow this to work?