
Re: How to secure access to SD cards a la USBGuard?



> What I'd like is to be able to let users mount only those memory cards that
> have been registered up front. I've always thought it strange that people
> consider thumbdrives to be a risk (and rightly so), but no one is seemingly
> bothered by almost the equivalent risk posed by memory cards.

There's a difference in the fact that what looks like a USB thumbdrive
may actually expose itself to your machine as something else
(e.g. a combination of a thumbdrive, a keyboard, a mouse, a network
adapter, a serial port, you name it).

Hence USB guard.

IIUC the SD protocol also supports other kinds of devices (SDIO devices)
so it opens up comparable risks, but since it's an extension of the base
SD protocol we can hope that most sdcard readers only support access to
actual mass storage thingies and hence block those threats in
their tracks.

> Those can contain "bad" software as well, and they can be automounted
> just as easily as USB-drives. So why not make it possible to prevent
> users from mounting a card they found somewhere or that was given to
> them by some unknown agent?

I think usually the assumption is that just mounting a card doesn't
introduce serious risk as long as you avoid obvious issues like setuid
bits, and as long as you don't go out of your way to introduce security
holes (such as by auto-executing some files from the just-mounted
partition).

> P.S. Just to be sure: this is not about letting only specific users mount
> a filesystem. I know how to achieve that goal. This is about preventing
> social engineering attacks through malicious memory cards, without blocking
> the card reader altogether.

I see more or less what you're thinking of, but I'm not familiar with
such social engineering attacks to know what to recommend.

As mentioned, the way to control it will depend on the specific tool
used to mount.  E.g. if it's mounted by hand via a rule in /etc/fstab,
then you can add rules that specify the device via /etc/disk/by-uuid.

Do note that partition UUIDs are not designed to be reliable w.r.t.
malicious uses (it's easy to create a partition with the same UUID as
some other).

Another way might be to force the use of an encrypted filesystem and
see if you can enforce the use of a particular encryption key, so any
memory card not encrypted with the specific key will hopefully fail.


        Stefan
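As an added example (not part of the thread, and not Stefan's or the list's code), here is the fstab approach described above paired with the mount options that address the setuid and auto-execution concerns raised earlier: a POSIX sh check that a removable-media /etc/fstab entry pins the device by UUID= and carries nosuid, nodev and noexec. The UUID value, the /media/card mount point and the sample entries are constructed placeholders, not real devices.

```shell
#!/bin/sh
# Added example, not from the thread: audit /etc/fstab entries for removable
# cards. Policy: device pinned via UUID= and options nosuid, nodev, noexec.
# As the thread notes, a UUID is easy to clone, so the UUID pin is a
# convenience filter, not a security boundary; the mount options are what
# remove the setuid/device-node/exec footguns on an untrusted card.

# has_opt OPTIONS NAME -> 0 if NAME is present as a whole comma-separated option
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# fstab_entry_ok LINE -> 0 if the entry meets the policy, 1 otherwise
fstab_entry_ok() {
    # shellcheck disable=SC2086  # splitting the line on whitespace is intended
    set -- $1
    [ $# -ge 4 ] || return 1          # need device, mountpoint, fstype, options
    dev=$1; opts=$4
    case "$dev" in
        UUID=*) ;;                    # pinned to one filesystem UUID
        *)      return 1 ;;           # /dev/mmcblk0p1 etc. matches any card
    esac
    for need in nosuid nodev noexec; do
        has_opt "$opts" "$need" || return 1
    done
    return 0
}

# audit_fstab FILE -> prints each weak removable-media entry, exit 1 if any
audit_fstab() {
    rc=0
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac          # skip blanks/comments
        case "$line" in *" /media/"*) ;; *) continue ;; esac  # only /media mounts
        fstab_entry_ok "$line" || { printf 'weak entry: %s\n' "$line"; rc=1; }
    done < "$1"
    return $rc
}

# Constructed sample entries (placeholder UUID, not a real device).
GOOD='UUID=0000-SAMPLE /media/card vfat user,noauto,nosuid,nodev,noexec 0 0'
BAD_DEV='/dev/mmcblk0p1 /media/card vfat user,noauto,nosuid,nodev,noexec 0 0'
BAD_OPTS='UUID=0000-SAMPLE /media/card vfat user,noauto 0 0'
```

Run `audit_fstab /etc/fstab` to list entries under /media that would let a card mount without the hardening options.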
