Date: Wed, 26 Nov 2003 11:36:08 -0500 (EST)
From: Matt Piechota
To: Mike Tancsa
In-Reply-To: <6.0.1.1.0.20031126104757.034e1988@209.112.4.2>
Message-ID: <20031126113319.Q16087@cithaeron.argolis.org>
cc: freebsd-security@freebsd.org
Subject: Re: perms of /dev/uhid0

On Wed, 26 Nov 2003, Mike Tancsa wrote:

> I know for our setup, there is nothing else that would need to talk to this
> device so I could do something like that. Not sure of the implications if
> someone unplugged the UPS and put their own device into the port. The
> physical server is in a locked box, but the UPS is not. So if they somehow
> managed to blow up the daemon by overflowing a buffer, it would be nice
> that it's a non-root user. However, I do not try and read more than
> sizeof(buffer) so I don't see any obvious ways...

Looking at /etc/usbd.conf, it appears that you can specify what USB Manuf
and Device ID the UPS is, so it'd only chgrp stuff when the device was the
UPS. I suppose that wouldn't stop someone who changed their device IDs to
match the UPS, but that seems like a minimal risk.

-- 
Matt Piechota
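
The kind of /etc/usbd.conf entry the reply describes, given here as an added example that is not part of the original message. The vendor and product values are placeholders, and the group name `ups` and the 0660 mode are assumptions; the keywords follow usbd.conf(5).

```conf
# Added example: hand /dev/uhidN to an unprivileged group only when the
# attached device reports the UPS's vendor and product IDs.
# 0x0000 / 0x0000 are placeholders: substitute the IDs the UPS reports.
# The group "ups" is hypothetical; the monitoring daemon would run as a
# non-root user in that group.
device "UPS (HID)"
	devname "uhid[0-9]+"
	vendor  0x0000
	product 0x0000
	attach  "/usr/bin/chgrp ups /dev/${DEVNAME} && /bin/chmod 0660 /dev/${DEVNAME}"

# Any other device that attaches as uhid matches no entry above, so its
# node keeps the default ownership and mode and the daemon's user cannot
# open it.
```

The vendor and product IDs are reported by the device itself, so this entry limits when the permissions are relaxed but does not authenticate the device, which is the residual risk the reply mentions.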