How immune is this solution to VID / PID spoofing?<p>I've thought about this topic before and arrived at the idea that USB devices ought to be treated kind of like user accounts, where I can control what drivers / data / devices they have access to.
What a nice security improvement, many thanks for developing this! It should be default in all operating systems to only accept known USB devices and in the case of new USB devices prompt the user with a clear warning message.
From the manpage[1], you could also permanently allow a device by passing the "-p" option.<p><pre><code> usbguard allow-device -p <id>
</code></pre>
[1]: <a href="https://github.com/USBGuard/usbguard/blob/master/doc/man/usbguard.1.adoc" rel="nofollow">https://github.com/USBGuard/usbguard/blob/master/doc/man/usb...</a>
> But that didn't stop the Debian developers, who maintain that package, to allow USBGuard daemon to start with zero configuration<p>Ok so you might install it then lose HID access?<p>Sounds like a bad default config.