Date: Tue, 22 May 2012 21:53:54 -0500 (CDT)
From: Robert Bonomi
Message-Id: <201205230253.q4N2rsdN078363@mail.r-bonomi.com>
To: freebsd-questions@freebsd.org, tomdean@speakeasy.org
In-Reply-To: <4FBC4B20.8070100@speakeasy.org>
Subject: Re: Using inb() and outb()

> From owner-freebsd-questions@freebsd.org Tue May 22 21:30:21 2012
> Date: Tue, 22 May 2012 19:27:44 -0700
> From: "Thomas D. Dean"
> To: freebsd-questions@freebsd.org
> Subject: Re: Using inb() and outb()
>
> On 05/22/12 17:09, Eitan Adler wrote:
> > On 22 May 2012 14:25, Thomas D. Dean wrote:
> >> On 05/22/12 14:08, Robert Bonomi wrote:
> >>
> >> That is what I thought.
> >>
> >> The entire operation will have to run as root. Nothing will be non-root.
> >
> > Can you make a SUID helper which only does the inb/outb operations as root?
> >
>
> I am planning to move the higher level functions to a driver.
>
> I really want a userland interface to the process.

It just occurred to me -- you could do a 'daemon' process that ran as the
superuser, and provided the hardware-level services to a non-root client
via, say, RPC, or a bare 'socket' ('unix' or 'ip') connection.

Doing the I/O via RPC would be 'interesting', in that the 'device' could be
physically connected to one machine (almost an 'embedded'-class
micro-controller), while the vast majority of the 'control program' could run
on an entirely different machine.

If you're up to doing the device-driver coding, it is a =better= solution,
because then you can use the filesystem access-control mechanisms to limit
access to the 'device'.
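
A root daemon like the one suggested in the message above has to decide, for every request, whether the connecting user may touch the requested port. The sketch below shows that check as an added example, not code from this thread: the wire format, the uid/port policy and the names `serve_request`, `try_io` and `io_rule` are assumptions, and the hardware is simulated in memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/types.h>

enum { OP_INB = 1, OP_OUTB = 2 };                 /* constructed wire format */
struct io_req  { uint8_t op, value; uint16_t port; };
struct io_resp { int8_t status; uint8_t value; }; /* 0 done, -1 malformed, -2 denied */
/* Policy entry: this uid may use ports first..last, writes only if may_write. */
struct io_rule { uid_t uid; uint16_t first, last; int may_write; };
static const struct io_rule rules[] = {           /* constructed sample policy */
    { 1001, 0x378, 0x37a, 1 },
    { 1002, 0x378, 0x379, 0 },
};

/* Hardware stand-in so this runs anywhere; the real daemon calls inb()/outb() here. */
static uint8_t sim_ports[65536];
static uint8_t hw_in(uint16_t port) { return sim_ports[port]; }
static void hw_out(uint16_t port, uint8_t v) { sim_ports[port] = v; }

/* Handle one message; peer_uid is what the daemon read from the socket
 * (for a unix-domain socket, e.g. via getpeereid()), never client-supplied. */
int serve_request(uid_t peer_uid, const void *buf, size_t len, struct io_resp *resp)
{
    struct io_req req;
    resp->status = -1; resp->value = 0;
    if (len != sizeof req) return -1;             /* wrong size: reject unparsed */
    memcpy(&req, buf, sizeof req);
    if (req.op != OP_INB && req.op != OP_OUTB) return -1;
    resp->status = -2;                            /* default deny */
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        const struct io_rule *r = &rules[i];
        if (r->uid == peer_uid && req.port >= r->first && req.port <= r->last
            && (req.op == OP_INB || r->may_write)) {
            if (req.op == OP_OUTB) hw_out(req.port, req.value);
            else resp->value = hw_in(req.port);
            return resp->status = 0;
        }
    }
    return resp->status;
}

/* Build a request as a client would; returns the status, or the byte read. */
int try_io(uid_t uid, uint8_t op, uint16_t port, uint8_t value)
{
    struct io_req req = { op, value, port };
    struct io_resp resp;
    return serve_request(uid, &req, sizeof req, &resp) < 0 ? resp.status : resp.value;
}
```

With an 'ip' socket there is no kernel-supplied peer uid, so the daemon would need its own client authentication before a check like this means anything.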