On Fri 15 May 2026 at 21:52:36 (+0200), [email protected] wrote:
> On Fri, May 15, 2026 at 01:36:17PM -0500, David Wright wrote:
> > On Fri 15 May 2026 at 12:32:27 (-0400), Stefan Monnier wrote:
> > > >> Not just bugs: I don't know of any OS out there that is even designed to
> > > >> behave like you describe: they all automatically accept to recognize the
> > > >> other end as whichever device (or set of devices) it claims to be.
> > > > My android phone does that, as I already described: "When I run it
> > > > [the script to mount the phone's filesystem] after connecting the
> > > > phone, it (phone) asks for permission on its screen [which I have to
> > > > acknowledge]."
> > > 
> > > Now, try to connect a keyboard or a mouse to your phone (via USB),
> > > instead: does it ask you for confirmation before you can use the
> > > keyboard to control the phone?
> > 
> > I don't see why it should. Under what circumstances would you deny
> > the device access?
> 
> If you don't know it is a keyboard, and it starts typing stuff (under
> your own UID, no less!):
> 
>   https://en.wikipedia.org/wiki/BadUSB
> 
> Who needs automount?

OK, I see now that you're extending the discussion from charging ports
to inserting random USB sticks into your computer when you don't know
their provenance. I guess the techies that are likely to encounter
these devices are employed way above my paygrade. I'd be flattered
to be targeted by the people who make these devices.
(Likewise if I was sent a white powder in the mail—I don't have
the means to distinguish flour from anthrax.)

I don't work for a company where they block your USB ports or harden
their machines to that extent. Whether hardened versions of Debian
can determine if an attached keyboard is genuine before accepting its
keystrokes, IDK.

I concern myself with more likely threats, as you probably do too.

Cheers,
David.
