Hi Antoine,
> > Whilst I've fixed that bit at least, the new attached patch doesn't
> > grab devices that are renabled via "xinput enable" although we do
> > successfully detect that "edge" event now.
>
> Cool! I'm not sure whether this other edge case is important -- are
> there situations where an attacker in front of a locked computer could
> manage to pull this off?
An attacker being able to run xinput? No we should not care about that
but I was _only_ using that to *emulate* your example of plugging in a
USB multitouch device, not caring about that particular vector per se.
Unfortunately, it turns out my touchpad is a PCI device and I can't
thus follow the exact same testcase as you (ie. via the "authorized")
file. Not only that when I try and emulate it using "rmmod i2c_hid &&
sleep 5 && modprobe i2c_hid" I cannot reproduce that the device is not
regrabbed.
I wonder; could you try the patch I attached previously and see
whether that actually works for USB devices? If so, I would be happy
with rolling it out. If it does not appear to work, please could you
add a quick:
fprintf(stderr, "grabbing\n");
… at the top of the the handle_multitouch function and see whether
that's even called when it gets re-enabled?
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org 🍥 chris-lamb.co.uk
`-
