Page MenuHomePureOS Tracker

Protect against poisontap (unrecognized USB network devices)
Open, NormalPublic


Ctrl+F "poisontap" in

Instead of prompting the user every time something is plugged in, I presume the smart approach would be to block DHCP at the udev level while the gnome-shell screen is locked.

Once a solution is found in PureOS, it should be advertised as a feature, and upstreamed (if possible/accepted) to GNOME.

Event Timeline

jeff created this task.Apr 15 2017, 17:51
jonas.smedegaard triaged this task as Normal priority.Oct 26 2017, 05:36
jonas.smedegaard added a subscriber: jonas.smedegaard.

I believe a solution exists: apt install usbguard-applet-qt

Please test and report back if that indeed solves this issue.

If it does, we can consider options of a) installing that package by default, and b) feasability of hiring developers to code a GTK+ applet (or locating if one has been written already and simply needs packaging).

I have set severity to normal. Please shout if considered more important than that.

@jeff did you test this?
also it has CLI. I think in any case we should add this to defaults as it seems quite usable (@mak ?)

mak added a comment.Jan 13 2018, 20:04

It will pull in Qt though, and GNOME doesn't support applets/system tray icons natively anymore.
So, can we add it? Yes, of course, but it will look very alien, and we will have to modify our GNOME Shell session to display status icons.

what about only CLI option of it or should we get someone to build a gtk version of it?

hansolo added a subscriber: hansolo.Dec 29 2018, 12:26
hansolo added a comment.Jul 18 2019, 03:27

Using the Qt-version on PureOS and the status icons aren't really needed. The popup for allowing a device looks a little bit out of place, but it works flawlessly.

jonas.smedegaard removed zlatan.todoric as the assignee of this task.May 27 2021, 05:55
jonas.smedegaard added a subscriber: zlatan.todoric.