From: "Farhan Khan (F8DA C0DE)"
Date: Tue, 26 Feb 2019 17:25:56 -0500
To: freebsd-hackers@freebsd.org
Subject: Default Yubikey dev permissions
Message-ID: <0DC6D5F3-6FCB-427C-AD73-FD561105AFC7@farhan.codes>
List-Id: Technical Discussions relating to FreeBSD

Hi all,

I am experimenting with a Yubikey, a consumer-grade smart card that stores certificates and passwords. I found that running 'gpg --card-status' does not work without root access. By default /dev/usb/0.2.0 (my yubikey) permission is 0600, owned by root. Without changing these permissions, the normal users would not be able to access the device.

Of course making the permissions too broad leaves it open to a rogue user with any terminal access (i.e., via SSH). However, it is still protected by a 6-digit PIN that will lock out after a default of 3 failed attempts.

Is it worth opening up the default permissions? Thoughts?

---
Farhan Khan
PGP Fingerprint: 1312 89CE 663E 1EB2 179C 1C83 C41D 2281 F8DA C0DE
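
Added example, not part of the original message and not FreeBSD's shipped configuration: a devfs ruleset that sits between the 0600 root-only default and world-accessible permissions by granting the USB device nodes to a single group. The group name `yubikey` and the ruleset name and number `localrules=10` are assumptions chosen for illustration.

```conf
# /etc/devfs.rules
# Ruleset name and number are arbitrary local choices (assumption).
[localrules=10]
# Keep the nodes owned by root, give read/write to one group, nothing to others.
# A user who merely has a shell (for example over SSH) but is not in the
# group still cannot open the token.
# The pattern covers every node under /dev/usb, not only the YubiKey:
# bus/address names such as usb/0.2.0 change with the port and on replug,
# so a rule pinned to that exact name would stop matching.
add path 'usb/*' mode 0660 group yubikey

# /etc/rc.conf
# Apply the ruleset above to the system /dev mount.
devfs_system_ruleset="localrules"

# One-time setup, run as root ("alice" is a placeholder user name):
#   pw groupadd yubikey
#   pw groupmod yubikey -m alice
#   service devfs restart
# Verify after replugging the token:
#   ls -lL /dev/usb/0.2.0      # expect crw-rw---- root yubikey
```

Because the rule applies to all USB device nodes, membership in the group should be limited to accounts that are trusted with every USB device attached to the machine.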