[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian and fingerprint readers

Wouter Verhelst <wouter@debian.org> writes:

> On Thu, Mar 04, 2021 at 05:57:15PM -0500, Sam Hartman wrote:
>> The parts of Debian that are trying to do that are some of the desktop
>> environments.  So, I'd approach the maintainers of Gnome and KDE and
>> see if they are interested in recommending this functionality.
> It could also be added to the laptop task, which would mean it would be
> installed by default on all laptops that are installed with debian-installer
> Alternatively, d-i has some hardware detection functionality, to install
> the correct drivers for hardware that is found. One could add entries
> for supported fingerprint readers to the hardware detection in d-i, and
> then install the necessary packages.
> The hard part, however, is configuring all this so it works correctly
> out of the box, also for users who don't want to use it.

For users that don't want to use it, I'd suggest that the only correct
answer is for them to never have had the software on their computer at
any point, given that it's security sensitive software, and any bugs may
well have the potential to hurt.

I presume if one installs this software, that even when the screen is
locked, when someone swipes a finger (or a specifically crafted toxic
pattern for that matter) on the reader, that something will be provoked
to run that would not have been run if it were not installed.

That seems like an increase in attack surface to me, that we should not
lightly inflict on unsuspecting users just because *shiny finger scanner*.

I'd expect that people that want their fingerprint scanners to be in use
are mostly aware of that fact, so as long as we make the optional
packages easily installable, that seems completely sufficient to me.

Cheers, Phil.
|)|  Philip Hands  [+44 (0)20 8530 9560]  HANDS.COM Ltd.
|-|  http://www.hands.com/    http://ftp.uk.debian.org/
|(|  Hugo-Klemm-Strasse 34,   21075 Hamburg,    GERMANY

Attachment: signature.asc
Description: PGP signature

Reply to: