From: Hans Petter Selasky
To: Craig Rodrigues
cc: freebsd-usb@freebsd.org
Date: Thu, 2 Dec 2004 12:05:09 +0100
Message-ID: <20041202120509.A277@curly.tele2.no>
Subject: Re: Changing permissions of /dev/usb[n] to 664?

On Tue, Nov 30, 2004 at 01:48:37AM -0500, Craig Rodrigues wrote:
> On Sun, Nov 07, 2004 at 12:58:14PM -0700, M. Warner Losh wrote:
> > This looks good, but we should audit all the ioctls to make sure the
> > ones that modify anything have the proper checks to make sure the fd
> > was opened for write.
>
> OK. Here is another iteration of the patch.
> It does the following:
>   - opens /dev/usb[n] as 664
>   - puts suser() permission checks in the following paths:
>       USB_REQUEST ioctl()
>       usbpoll()
>       usbread()

You don't need /dev/usb to be accessible by non-root users to run usbdevs.
That way you only need to check suser() when unit == USB_DEV_MINOR.

usbpoll should return zero on error?

What if a user who belongs to the group "operator" tries to open /dev/usbX
and uses the ioctl USB_REQUEST?

>
> This is what a non-root user can and cannot do on /dev/usb[n]:
>
> Allowed
> =======
> USB_DISCOVER
> USB_DEVICEINFO
> USB_DEVICESTATS
> usbopen()
> usbclose()
>
> Forbidden
> =========
> USB_REQUEST
> usbread()
> usbpoll()
>
> The result of this patch is that a non-root user can
> run usbdevs without a problem.
>
> I also have a small test program where I tried running
> different ioctl's as non-root and this is the output I got:
>
> Executing ioctl(): USB_REQUEST Operation not permitted
> Executing ioctl(): USB_DISCOVER...OK
> Executing ioctl(): USB_DEVICEINFO...OK
> Executing ioctl(): USB_DEVICESTATS...OK
>
> Comments?
>

Yours
-HPS
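The "operator" group question above, worked through as an added example (not part of the original message or of the patch under discussion): a user-space C model of the two gates in play, the node's mode bits at open() time and the per-ioctl check. It assumes the node is owned by root with group "operator"; `M_FREAD`, `M_FWRITE`, `struct caller`, the function names and the enum values are hypothetical stand-ins, and only the ioctl names come from the thread.

```c
/* User-space model, not kernel code: every name except the ioctl names is hypothetical. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

#define M_FREAD  0x1                /* model flag: descriptor opened for reading */
#define M_FWRITE 0x2                /* model flag: descriptor opened for writing */

enum usb_cmd { USB_REQUEST, USB_DISCOVER, USB_DEVICEINFO, USB_DEVICESTATS }; /* model values */

struct caller { bool is_root; bool in_node_group; };
/* Assumed: the node is owned by root and its group is "operator". */
const struct caller ROOT = { true, false }, OPERATOR = { false, true }, OTHER = { false, false };

/* Gate 1: open() against the mode bits of the root-owned node, e.g. 0664. */
static int model_open(const struct caller *c, unsigned mode, int fflags)
{
    unsigned bits = c->in_node_group ? (mode >> 3) & 7 : mode & 7;
    if (c->is_root)
        return 0;
    if (((fflags & M_FREAD) && !(bits & 4)) || ((fflags & M_FWRITE) && !(bits & 2)))
        return EACCES;
    return 0;
}

/* Gate 2: ioctl-time checks. The thread treats USB_REQUEST as the privileged command. */
static int model_ioctl(const struct caller *c, int fflags, enum usb_cmd cmd, bool use_suser)
{
    if (cmd != USB_REQUEST)
        return 0;
    if (use_suser && !c->is_root)
        return EPERM;               /* models the patch's suser() check */
    if (!(fflags & M_FWRITE))
        return EBADF;               /* models "the fd was opened for write" */
    return 0;
}

/* Open the node, then issue one ioctl; returns 0 or an errno value. */
int usb_access(const struct caller *c, unsigned mode, int fflags, enum usb_cmd cmd, bool use_suser)
{
    int error = model_open(c, mode, fflags);
    return error ? error : model_ioctl(c, fflags, cmd, use_suser);
}

int main(void)
{
    printf("operator, write check only: %d\n", usb_access(&OPERATOR, 0664, M_FREAD | M_FWRITE, USB_REQUEST, false));
    printf("operator, suser() check:    %d\n", usb_access(&OPERATOR, 0664, M_FREAD | M_FWRITE, USB_REQUEST, true));
    return 0;
}
```

In this model, mode 664 lets a group member open the node read-write, so a check on the write flag alone does not stop USB_REQUEST for that user; the suser() check does.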