Date: Tue, 26 Feb 2019 17:25:56 -0500 From: "Farhan Khan (F8DA C0DE)" <farhan@farhan.codes> To: freebsd-hackers@freebsd.org Subject: Default Yubikey dev permissions Message-ID: <0DC6D5F3-6FCB-427C-AD73-FD561105AFC7@farhan.codes>
next in thread | raw e-mail | index | archive | help
Hi all, I am experimenting with a Yubikey, a consumer grade smart card that stores= certificates and passwords=2E I found that running 'gpg --card-status' does not work without root access=2E By default /dev/usb/0=2E2=2E0 (my yub= ikey) permission is 0600, owned by root=2E Without changing these permissio= ns, the normal users would not be able to access the device=2E Of course making the permissions too broad leaves it open to a rogue user = with any terminal access (ie, via SSH)=2E However, it is still protected by= a 6-digit pin that will lock out after a default of 3 failed attempts=2E Is it worth opening up the default permissions? Thoughts? --- Farhan Khan PGP Fingerprint: 1312 89CE 663E 1EB2 179C 1C83 C41D 2281 F8DA C0DE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0DC6D5F3-6FCB-427C-AD73-FD561105AFC7>