You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently we use a udev to grant access to the currently logged in user, but this has poor behavior when multiple users are logged in at once. For example the following steps will leak a U2F device to the wrong user:
User A is logged in
this causes the user-daemon to request a virtual U2F device be created
User A, assuming they are the only interactive user logged in, will be first "seat" and so can access the device
The switch user feature in GNOME is used to log in User B without terminating the session of A
this causes the user-daemon to request another virtual U2F device be created
User B is now the first "seat" and so can access both their device and the U2F device from User A
This behavior happens with hardware keys also when using u2f-hidraw-policy, but still it would be nice to address it at some point. See #2 for more detail on how this works.
My current best idea is to pass along uid/gid info in the HID device identifiers or descriptor and have a udev helper program that parses that back out and uses it to set acl permissions appropriately.
The text was updated successfully, but these errors were encountered:
Currently we use a
udev
to grant access to the currently logged in user, but this has poor behavior when multiple users are logged in at once. For example the following steps will leak a U2F device to the wrong user:This behavior happens with hardware keys also when using u2f-hidraw-policy, but still it would be nice to address it at some point. See #2 for more detail on how this works.
My current best idea is to pass along uid/gid info in the HID device identifiers or descriptor and have a udev helper program that parses that back out and uses it to set acl permissions appropriately.
The text was updated successfully, but these errors were encountered: