svn commit: r325287 - in head/etc: defaults rc.d

Conrad Meyer cem at FreeBSD.org
Wed Nov 1 18:58:55 UTC 2017 

Author: cem
Date: Wed Nov  1 18:58:54 2017
New Revision: 325287
URL: https://svnweb.freebsd.org/changeset/base/325287

Log:
  bluetooth: Default to discoverable off
  
  Try to not expose bluetooth devices to external devices unless the user
  explicitly configures it, like any other radio/network device.  Bluetooth
  has a long history of security problems and it is probably best to keep it
  disabled if not needed.
  
  Users who do use the bluetooth device should enable "discoverable" in
  bluetooth.device.conf(5) after this change.
  
  Keep in mind that bluetooth addresses can be discovered by passive
  monitoring or whole address-space scans[0], so a safety conscious user
  should also disable "connectable" in bluetooth.device.conf(5).
  
  [0]: https://www.sans.edu/cyber-research/security-laboratory/article/bluetooth
  
  Reviewed by:	emax, hselasky
  Security:	maybe
  Sponsored by:	Dell EMC Isilon
  Differential Revision:	https://reviews.freebsd.org/D12831

Modified:
  head/etc/defaults/bluetooth.device.conf
  head/etc/rc.d/bluetooth

Modified: head/etc/defaults/bluetooth.device.conf
==============================================================================
--- head/etc/defaults/bluetooth.device.conf	Wed Nov  1 18:49:45 2017	(r325286)
+++ head/etc/defaults/bluetooth.device.conf	Wed Nov  1 18:58:54 2017	(r325287)
@@ -65,7 +65,7 @@
 # NO  or 0	do not scan for inquiry requests;
 # YES or 1	scan for inquiry requests (default).
 
-# discoverable="YES"
+# discoverable="NO"
 
 # The encryption_mode parameter controls if the device requires encryption
 # to the remote device at connection setup. At connection setup, only the

Modified: head/etc/rc.d/bluetooth
==============================================================================
--- head/etc/rc.d/bluetooth	Wed Nov  1 18:49:45 2017	(r325286)
+++ head/etc/rc.d/bluetooth	Wed Nov  1 18:58:54 2017	(r325287)
@@ -287,7 +287,7 @@ bluetooth_start()
 	bluetooth_device_authentication_enable="0"
 	bluetooth_device_class="ff:01:0c"
 	bluetooth_device_connectable="1"
-	bluetooth_device_discoverable="1"
+	bluetooth_device_discoverable="0"
 	bluetooth_device_encryption_mode="0"
 	bluetooth_device_hci_debug_level="3"
 	bluetooth_device_l2cap_debug_level="3"

More information about the svn-src-all mailing list