From owner-freebsd-multimedia  Mon Nov  3 21:21:04 1997
Return-Path: <owner-freebsd-multimedia>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id VAA11083
          for multimedia-outgoing; Mon, 3 Nov 1997 21:21:04 -0800 (PST)
          (envelope-from owner-freebsd-multimedia)
Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5])
          by hub.freebsd.org (8.8.7/8.8.7) with SMTP id VAA11067
          for <multimedia@FreeBSD.ORG>; Mon, 3 Nov 1997 21:20:49 -0800 (PST)
          (envelope-from luigi@labinfo.iet.unipi.it)
Received: from localhost (luigi@localhost) by labinfo.iet.unipi.it (8.6.5/8.6.5) id FAA19059; Tue, 4 Nov 1997 05:08:52 +0100
From: Luigi Rizzo <luigi@labinfo.iet.unipi.it>
Message-Id: <199711040408.FAA19059@labinfo.iet.unipi.it>
Subject: Re: A small addition to the bt848 driver...
To: jonny@coppe.ufrj.br (Joao Carlos Mendes Luis)
Date: Tue, 4 Nov 1997 05:08:51 +0100 (MET)
Cc: multimedia@FreeBSD.ORG
In-Reply-To: <199711031918.RAA07551@gaia.coppe.ufrj.br> from "Joao Carlos Mendes Luis" at Nov 3, 97 05:18:22 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-freebsd-multimedia@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> 
> #define quoting(Luigi Rizzo)
> //               if (write) { 
> //                   i2cWrite( bktr, i2c_addr, i2c_port, data);
> //               } else {
> //                   data = i2cRead( bktr, i2c_addr);
> //               }
> 
> Is there something harm that a mortal user could do using direct
> access to i2c bus ?  If so, consider checking for root privs.
> This seems to much of low level access to allow to everybody.

reading is harmless, writing _could_ be dangerous if it tries to
scramble the content of the EEprom. But a simple check on i2c_addr
to deny access to the eeprom  (or perhaps even to the tuner) should
solve all problems.

I agree that this should not be there, and we ought to have higher
level calls to perform functions, but this code is meant mainly for
development purposes.

> chmod'ing the device may not be an option.  I would not want
> every bt848 program to be suid either.  And depending on the
> power of i2c (think hardware debug), fbtab is not an option

are you sure you are not confusing i2c with something else, e.g.
JTAG ?

In any case if you are so worried about misuse of the card, you should
really restrict access to it. As it is now, it is perfectly possible
that some user passes a bogus video.addr to the card instructing
it to dump data onto memory at random places ? There is no checking
whatsoever... That's in my opinion a big security hole.

	Cheers
	Luigi
-----------------------------+--------------------------------------
Luigi Rizzo                  |  Dip. di Ingegneria dell'Informazione
email: luigi@iet.unipi.it    |  Universita' di Pisa
tel: +39-50-568533           |  via Diotisalvi 2, 56126 PISA (Italy)
fax: +39-50-568522           |  http://www.iet.unipi.it/~luigi/
_____________________________|______________________________________