Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 4 Nov 1997 05:08:51 +0100 (MET)
From:      Luigi Rizzo <luigi@labinfo.iet.unipi.it>
To:        jonny@coppe.ufrj.br (Joao Carlos Mendes Luis)
Cc:        multimedia@FreeBSD.ORG
Subject:   Re: A small addition to the bt848 driver...
Message-ID:  <199711040408.FAA19059@labinfo.iet.unipi.it>
In-Reply-To: <199711031918.RAA07551@gaia.coppe.ufrj.br> from "Joao Carlos Mendes Luis" at Nov 3, 97 05:18:22 pm

next in thread | previous in thread | raw e-mail | index | archive | help
> 
> #define quoting(Luigi Rizzo)
> //               if (write) { 
> //                   i2cWrite( bktr, i2c_addr, i2c_port, data);
> //               } else {
> //                   data = i2cRead( bktr, i2c_addr);
> //               }
> 
> Is there something harm that a mortal user could do using direct
> access to i2c bus ?  If so, consider checking for root privs.
> This seems to much of low level access to allow to everybody.

reading is harmless, writing _could_ be dangerous if it tries to
scramble the content of the EEprom. But a simple check on i2c_addr
to deny access to the eeprom  (or perhaps even to the tuner) should
solve all problems.

I agree that this should not be there, and we ought to have higher
level calls to perform functions, but this code is meant mainly for
development purposes.

> chmod'ing the device may not be an option.  I would not want
> every bt848 program to be suid either.  And depending on the
> power of i2c (think hardware debug), fbtab is not an option

are you sure you are not confusing i2c with something else, e.g.
JTAG ?

In any case if you are so worried about misuse of the card, you should
really restrict access to it. As it is now, it is perfectly possible
that some user passes a bogus video.addr to the card instructing
it to dump data onto memory at random places ? There is no checking
whatsoever... That's in my opinion a big security hole.

	Cheers
	Luigi
-----------------------------+--------------------------------------
Luigi Rizzo                  |  Dip. di Ingegneria dell'Informazione
email: luigi@iet.unipi.it    |  Universita' di Pisa
tel: +39-50-568533           |  via Diotisalvi 2, 56126 PISA (Italy)
fax: +39-50-568522           |  http://www.iet.unipi.it/~luigi/
_____________________________|______________________________________



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199711040408.FAA19059>