Date: Tue, 26 Feb 2019 17:25:56 -0500 From: "Farhan Khan (F8DA C0DE)" <farhan@farhan.codes> To: freebsd-hackers@freebsd.org Subject: Default Yubikey dev permissions Message-ID: <0DC6D5F3-6FCB-427C-AD73-FD561105AFC7@farhan.codes>
next in thread | raw e-mail | index | archive | help
Hi all, I am experimenting with a Yubikey, a consumer grade smart card that stores certificates and passwords. I found that running 'gpg --card-status' does not work without root access. By default /dev/usb/0.2.0 (my yubikey) permission is 0600, owned by root. Without changing these permissions, the normal users would not be able to access the device. Of course making the permissions too broad leaves it open to a rogue user with any terminal access (ie, via SSH). However, it is still protected by a 6-digit pin that will lock out after a default of 3 failed attempts. Is it worth opening up the default permissions? Thoughts? --- Farhan Khan PGP Fingerprint: 1312 89CE 663E 1EB2 179C 1C83 C41D 2281 F8DA C0DE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0DC6D5F3-6FCB-427C-AD73-FD561105AFC7>