Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 2 Dec 2004 12:05:09 +0100
From:      Hans Petter Selasky <hselasky@c2i.net>
To:        Craig Rodrigues <rodrigc@crodrigues.org>
Cc:        freebsd-usb@freebsd.org
Subject:   Re: Changing permissions of /dev/usb[n] to 664?
Message-ID:  <20041202120509.A277@curly.tele2.no>
In-Reply-To: <20041130064837.GA1541@crodrigues.org>; from rodrigc@crodrigues.org on Tue, Nov 30, 2004 at 01:48:37AM -0500
References:  <20041107064227.GA79915@crodrigues.org> <20041107.125814.34760598.imp@bsdimp.com> <20041130064837.GA1541@crodrigues.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, Nov 30, 2004 at 01:48:37AM -0500, Craig Rodrigues wrote:
> On Sun, Nov 07, 2004 at 12:58:14PM -0700, M. Warner Losh wrote:
> > This looks good, but we should audit all the ioctls to make sure the
> > ones that modify anything have the proper checks to make sure the fd
> > was opened for write.
> 
> OK.  Here is another iteration of the patch.
> It does the following:
> - opens /dev/usb[n] as 664
> - puts suser() permission checks in the following paths:
>     USB_REQUEST ioctl()
>     usbpoll()
>     usbread()

You don't need /dev/usb to be accessable by non-root users, to run usbdevs. 
That way you only need to check suser() when unit == USB_DEV_MINOR.

usbpoll should return zero on error?

What if a user which belongs to the group "operator" tries to open /dev/usbX 
and uses the ioctl USB_REQUEST?

> 
> This is what a non-root user can and cannot do on /dev/usb[n]: 
> 
> Allowed
> =======
> USB_DISCOVER
> USB_DEVICEINFO
> USB_DEVICESTATS
> usbopen()
> usbclose()
> 
> Forbidden
> =========
> USB_REQUEST
> usbread()
> usbpoll()
> 
> The result of this patch is that a non-root user can
> run usbdevs without a problem.
> 
> I also have a small test program where I tried running
> different ioctl's as non-root and this is the output I got:
> 
> Executing ioctl(): USB_REQUEST Operation not permitted
> Executing ioctl(): USB_DISCOVER...OK
> Executing ioctl(): USB_DEVICEINFO...OK
> Executing ioctl(): USB_DEVICESTATS...OK
> 
> Comments?
> 

Yours
-HPS

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041202120509.A277>