From owner-freebsd-multimedia  Mon Nov  3 23:05:39 1997
Return-Path: <owner-freebsd-multimedia>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id XAA17674
          for multimedia-outgoing; Mon, 3 Nov 1997 23:05:39 -0800 (PST)
          (envelope-from owner-freebsd-multimedia)
Received: from rah.star-gate.com (rah.star-gate.com [204.188.121.18])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id XAA17667
          for <multimedia@FreeBSD.ORG>; Mon, 3 Nov 1997 23:05:35 -0800 (PST)
          (envelope-from hasty@rah.star-gate.com)
Received: from rah.star-gate.com (localhost.v-site.net [127.0.0.1])
	by rah.star-gate.com (8.8.7/8.8.5) with ESMTP id XAA13741;
	Mon, 3 Nov 1997 23:05:05 -0800 (PST)
Message-Id: <199711040705.XAA13741@rah.star-gate.com>
X-Mailer: exmh version 2.0gamma 1/27/96
To: Luigi Rizzo <luigi@labinfo.iet.unipi.it>
cc: jonny@coppe.ufrj.br (Joao Carlos Mendes Luis), multimedia@FreeBSD.ORG
Subject: Re: A small addition to the bt848 driver... 
In-reply-to: Your message of "Tue, 04 Nov 1997 05:08:51 +0100."
             <199711040408.FAA19059@labinfo.iet.unipi.it> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 03 Nov 1997 23:05:05 -0800
From: Amancio Hasty <hasty@rah.star-gate.com>
Sender: owner-freebsd-multimedia@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> > 
> > #define quoting(Luigi Rizzo)
> > //               if (write) { 
> > //                   i2cWrite( bktr, i2c_addr, i2c_port, data);
> > //               } else {
> > //                   data = i2cRead( bktr, i2c_addr);
> > //               }
> > 
> > Is there something harm that a mortal user could do using direct
> > access to i2c bus ?  If so, consider checking for root privs.
> > This seems to much of low level access to allow to everybody.
> 
> reading is harmless, writing _could_ be dangerous if it tries to
> scramble the content of the EEprom. But a simple check on i2c_addr
> to deny access to the eeprom  (or perhaps even to the tuner) should
> solve all problems.
> 
> I agree that this should not be there, and we ought to have higher
> level calls to perform functions, but this code is meant mainly for
> development purposes.
> 
> > chmod'ing the device may not be an option.  I would not want
> > every bt848 program to be suid either.  And depending on the
> > power of i2c (think hardware debug), fbtab is not an option
> 
> are you sure you are not confusing i2c with something else, e.g.
> JTAG ?
> 
> In any case if you are so worried about misuse of the card, you should
> really restrict access to it. As it is now, it is perfectly possible
> that some user passes a bogus video.addr to the card instructing
> it to dump data onto memory at random places ? There is no checking
> whatsoever... That's in my opinion a big security hole.

Passing whatever address you want to the bt848 is not a security 
hole if people are so concerned about it then just add appropiate
permissions to /dev/bktr* .

Typically Luigi, if it is for development the code is wrapped around
a #ifdef ;however, if you feel like you have a genuine usage for
your ioctl then I will be happy to have them committed.


	Cheers,
	Amancio