Date: Mon, 03 Nov 1997 23:05:05 -0800 From: Amancio Hasty <hasty@rah.star-gate.com> To: Luigi Rizzo <luigi@labinfo.iet.unipi.it> Cc: jonny@coppe.ufrj.br (Joao Carlos Mendes Luis), multimedia@FreeBSD.ORG Subject: Re: A small addition to the bt848 driver... Message-ID: <199711040705.XAA13741@rah.star-gate.com> In-Reply-To: Your message of "Tue, 04 Nov 1997 05:08:51 %2B0100." <199711040408.FAA19059@labinfo.iet.unipi.it>
next in thread | previous in thread | raw e-mail | index | archive | help
> >
> > #define quoting(Luigi Rizzo)
> > // if (write) {
> > // i2cWrite( bktr, i2c_addr, i2c_port, data);
> > // } else {
> > // data = i2cRead( bktr, i2c_addr);
> > // }
> >
> > Is there something harm that a mortal user could do using direct
> > access to i2c bus ? If so, consider checking for root privs.
> > This seems to much of low level access to allow to everybody.
>
> reading is harmless, writing _could_ be dangerous if it tries to
> scramble the content of the EEprom. But a simple check on i2c_addr
> to deny access to the eeprom (or perhaps even to the tuner) should
> solve all problems.
>
> I agree that this should not be there, and we ought to have higher
> level calls to perform functions, but this code is meant mainly for
> development purposes.
>
> > chmod'ing the device may not be an option. I would not want
> > every bt848 program to be suid either. And depending on the
> > power of i2c (think hardware debug), fbtab is not an option
>
> are you sure you are not confusing i2c with something else, e.g.
> JTAG ?
>
> In any case if you are so worried about misuse of the card, you should
> really restrict access to it. As it is now, it is perfectly possible
> that some user passes a bogus video.addr to the card instructing
> it to dump data onto memory at random places ? There is no checking
> whatsoever... That's in my opinion a big security hole.
Passing whatever address you want to the bt848 is not a security
hole if people are so concerned about it then just add appropiate
permissions to /dev/bktr* .
Typically Luigi, if it is for development the code is wrapped around
a #ifdef ;however, if you feel like you have a genuine usage for
your ioctl then I will be happy to have them committed.
Cheers,
Amancio
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199711040705.XAA13741>