I’ll try one more time and then give up on this B&F.
- @fslover looks like he understood what I’m talking about and quoted this topic:
Which one is more secure: "sys-usb" or "sys-net as sys-usb"?
On that short topic, also another topic is quoted, so I’ll re-qoute it here
That topic is short too. If you read it (which makes me think you didn’t, otherwise you’d ask what is not clear there, not here), it is exactly the situation where you can compromise your sys-usb via sys-net.
-
You could have your ethernet controller attached to sys-net, while having any other network device (internal or external) attached to USB controller(s). I’m repeating myself for the last time here.
So you choose to go online via your USB network device online (in parallel with sys-net or alone, it doesn’t matter). So, that scenario would compromise your USB devices too, and what’s more dangerous - controller on which USB network device is attached to, and even more dangerous, all other USB controllers that are attached to the same sys-usb, regardless of the fact that you have separate sys-net and sys-usb. -
I can attach some PCI and USB controllers to a sys-net, and other USB controllers to a sys-usb. All USB devices attached to a sys-net will be compromised once sys-net is compromised, regardless of the fact that you have separate sys-net and sys-usb.
So your claim
… is not correct and complete (see 2. and 3.) and could mislead users to a false sense of security, because your claim is correct in only one scenario:
- user have all network devices and controllers they’re attached to in a sys-net, and devices from those controller(s) aren’t later attached to sys-usb and vice versa, and you’re not attaching any other USB device to that controller residing in a sys-net.
I tried to point this, but it looks like you’re insisting your claim is one and only that is correct, so I’m leaving you there.
From this point on, I’d reply only users that are further interested in explanation, but only if they confirmed they read all the quoted topics, and the posts here, explicitly quoting claims that aren’t clear enough for them.