usbguard icon indicating copy to clipboard operation
usbguard copied to clipboard
verified publisher icon USBGuard

Issue with localtime condition in rule

Open simakhan785 opened this issue 7 years ago • 1 comments

Currently, I am experimenting with usbguard and I have found that if I set rule for a USB device for e.g. if localtime(14:00-14:35), then particularly usb is worked if it inserted between 14:00 to 14:35. But, once the usb is inserted it is continuously available beyond 14:35 for example, because the applypolicy is only reinforce when there is an event or policy change but not invoked when time condition is lapsed. Pls. look this issue in implementation.

Thanks Siam

simakhan785 avatar Jan 10 '18 15:01 simakhan785

Is the localtime rule condition will only be checked at insertion/removal of the device. It should be check also in periodic interval when the time condition is lapsed. Otherwise, it may create a security hole - for e.g. if the usb is allowed for a particular time interval, but that usb is disable for other time interval. If one inserts a usb device in allowed time interval, it will remain active until it remove it from system. This is a security event scenario. Pls. look into the above issue.

simakhan785 avatar Jan 22 '18 17:01 simakhan785