Comment 13 for bug 644198

Stéphane Graber (stgraber) wrote :

Right, so I just spent some time thinking about it :)
We basically have three possible ways of "fixing" this bug (though not all fix the overall problem):
 1) Disable /lib/udev/rules.d/97-bluetooth-hid2hci.rules, which will make some (not all by far) USB bluetooth receivers appear as USB HID devices, hiding the bluetooth stack entirely.
 2) Run bluetooth-applet from ubiquity-dm
 3) Write our own agent dealing with the connections and our install time policy

The problem with 1) is that it'd only work with a limited set of USB receivers and will only work during install, not post-install, so it just delays the problem to the first boot.

The problem with 2) is that it'll still prompt the user for the pin code or confirmation, which they'll have no way to do as they won't have any input device at that point.

So I started working on 3) with the following plan:
 - Spawn a small bluetooth agent that I wrote (based on bluez-simple-agent): http://paste.ubuntu.com/875275/
 - This agent will spawn and for 5 minutes will accept any HID device connecting, also adding it to bluez's trust list.
 - The filtering is done using a mask of 0x500 (found using http://bluetooth-pentest.narod.ru/software/bluetooth_class_of_device-service_generator.html)
 - After these 5 minutes, it'll spawn bluetooth-daemon which will deal with any bluetooth device connecting from this point.
 - Post-install, ubiquity will copy /var/lib/bluetooth/ to the target so that the trust is there at boot time and the input devices work as expected.

The problem with this solution is on the security side obviously as any HID bluetooth device connecting during these 5 minutes will automatically be allowed to connect at any time on the install system. I think that the 5 minutes limitation and the bitmask mitigate that enough to be acceptable (not that we have another solution really ...).

I'm subscribing the security team for review and approval; in the meantime I'll at least add bluetooth-applet and /var/lib/bluetooth/ to ubiquity. The switch to my custom agent would be done by overriding /usr/bin/bluetooth-applet through casper.
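The accept policy sketched in the comment above (HID class-of-device filter plus a 5-minute trust window), as an added illustration that is not the pasted agent or any bluez code. It decodes the 24-bit Class of Device field, contrasts the plain 0x500 bitmask with an exact major-class comparison (the mask also matches other major classes whose bits 8 and 10 are set, such as 0x07 Wearable), and applies the time window; device addresses and CoD values are constructed samples.

```python
PERIPHERAL_MAJOR = 0x05   # major device class "Peripheral" (keyboards, mice)
HID_MASK = 0x500          # the bitmask quoted in the comment

def major_class(cod: int) -> int:
    """Bits 8-12 of the 24-bit Class of Device field."""
    return (cod >> 8) & 0x1F

def minor_peripheral_kind(cod: int) -> str:
    """Bits 6-7 distinguish keyboard / pointing / combo for Peripheral devices."""
    kind = (cod >> 6) & 0x3
    return {1: "keyboard", 2: "pointing", 3: "combo"}.get(kind, "other")

def matches_mask(cod: int) -> bool:
    """Plain bitmask test: true for any major class with bits 8 and 10 set."""
    return cod & HID_MASK == HID_MASK

def is_hid_peripheral(cod: int) -> bool:
    """Stricter test: the whole 5-bit major-class field must be Peripheral."""
    return major_class(cod) == PERIPHERAL_MAJOR

class InstallTimeHidPolicy:
    """Auto-accept HID peripherals for a fixed window, refuse everything after."""
    def __init__(self, start: float, window_s: float = 300.0):
        self.start = start
        self.window_s = window_s
        self.trusted = set()  # addresses that would go on bluez's trust list

    def decide(self, address: str, cod: int, now: float) -> str:
        if now - self.start >= self.window_s:
            return "window-closed"      # hand off to the normal agent
        if not is_hid_peripheral(cod):
            return "reject"             # non-HID device during the window
        self.trusted.add(address)
        return "accept-" + minor_peripheral_kind(cod)

# Constructed sample devices (addresses and CoD values made up for illustration).
SAMPLE_DEVICES = [
    ("00:11:22:33:44:01", 0x002540),  # keyboard: major 0x05, minor keyboard
    ("00:11:22:33:44:02", 0x002580),  # mouse: major 0x05, minor pointing
    ("00:11:22:33:44:03", 0x000704),  # wearable: major 0x07, yet matches 0x500 mask
    ("00:11:22:33:44:04", 0x240404),  # headset: major 0x04 (audio/video)
]

def run_sample(now_offset_s: float = 0.0):
    """Evaluate every sample device at a given offset from the window start."""
    policy = InstallTimeHidPolicy(start=0.0)
    return [(addr, policy.decide(addr, cod, now_offset_s)) for addr, cod in SAMPLE_DEVICES]
```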