Package: android-tools-adb
Version: 5.1.1.r29-2
Severity: important
Dear Maintainer,
I just found out that I could open a few USB devices on my system that I did
not expect to be able to:
- an Intel bluetooth dongle (actually, a mini-PCI-x card exposing bluetooth
function on USB and wifi on PCI-x)
VendorID: 0x8087
udev rule: ATTR{idVendor}=="8087", ENV{adb_user}="yes"
- a Huawei 3G modem USB dongle
VendorID: 0x12d1
udev rule: ATTR{idVendor}=="12d1", ENV{adb_user}="yes"
And, last but not least:
- my ThinkPad USB keyboard (actually an USB keyboard with the same layout as
on a ThinkPad laptop)
VendorID: 0x17ef
udev rule: ATTR{idVendor}=="17ef", ENV{adb_user}="yes"
As you can see, none of these is an android device.
I am not member of the adb group, but because of logind-handled udev device
tags, ACLs are granted to my user on these devices.
I am *not* comfortable with the idea of any process running in my session
being technically allowed to open any USB device, even less my keyboard, for
security reasons which should be blindingly obvious.
Please do not allow such broad udev rules to be installed !
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf
Kernel: Linux 4.5.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
Versions of packages android-tools-adb depends on:
ii libc6 2.22-6
ii libssl1.0.2 1.0.2g-1
ii zlib1g 1:1.2.8.dfsg-2+b1
android-tools-adb recommends no packages.
android-tools-adb suggests no packages.
-- no debconf information
