Date: Wed, 26 Nov 2003 10:53:20 -0500
From: Mike Tancsa <mike@sentex.net>
To: Matt Piechota <piechota@argolis.org>
Cc: freebsd-security@freebsd.org
Subject: Re: perms of /dev/uhid0
Message-ID: <6.0.1.1.0.20031126104757.034e1988@209.112.4.2>
In-Reply-To: <20031126102631.L16087@cithaeron.argolis.org>
References: <6.0.1.1.0.20031126101602.06e8e9f0@209.112.4.2> <20031126102631.L16087@cithaeron.argolis.org>

At 10:28 AM 26/11/2003, Matt Piechota wrote:
>On Wed, 26 Nov 2003, Mike Tancsa wrote:
>
> > gastest# ls -l /dev/uhid0
> > crw-rw---- 1 root operator 122, 0 Nov 12 05:26 /dev/uhid0
> > gastest#
> >
> > Is it safe to chmod o+r /dev/uhid0 ? Or is there a better way to drop
> > privs of the daemon yet still be able to read from the device ?
>
>Maybe I'm a bit off, but: wouldn't it be okay to 'chgrp upsmon /dev/uhid0'
>in usbd.conf, and make a upsmon user and group to run the daemon under?

I know for our setup, there is nothing else that would need to talk to this device, so I could do something like that. Not sure of the implications if someone unplugged the UPS and put their own device into the port. The physical server is in a locked box, but the UPS is not. So if they somehow managed to blow up the daemon by overflowing a buffer, it would be nice that it's a non-root user. However, I do not try and read more than sizeof(buffer), so I don't see any obvious ways...

        ---Mike
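
An added example, not part of the original message or of the daemon discussed in it: one way to combine the two ideas in this exchange is to open the device while still privileged, switch permanently to an unprivileged account, and only then read with a length bounded by the buffer. The `upsmon` account is the one suggested in the quoted reply; the function names and the 64-byte report buffer are assumptions made for the example.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes setgroups() on glibc; harmless on FreeBSD */
#endif
#include <sys/types.h>
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Permanently become `user`. Returns 0 on success, -1 on any failure. */
int drop_privs(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return -1;
    gid_t gid = pw->pw_gid;
    /* Order matters: supplementary groups, then gid, then uid last. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(pw->pw_uid) != 0)
        return -1;
    /* The drop must be irreversible: regaining root has to fail. */
    if (pw->pw_uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Read one report into buf, never more than cap bytes; retry on EINTR. */
ssize_t read_report(int fd, unsigned char *buf, size_t cap)
{
    ssize_t n;
    if (buf == NULL || cap == 0)
        return -1;
    do {
        n = read(fd, buf, cap);
    } while (n < 0 && errno == EINTR);
    return n;
}

int main(void)
{
    unsigned char report[64];               /* constructed size for the example */
    int fd = open("/dev/uhid0", O_RDONLY);  /* opened while still privileged */
    if (fd < 0) { perror("open"); return 1; }
    if (drop_privs("upsmon") != 0) {        /* never keep running as root */
        fprintf(stderr, "cannot drop privileges\n");
        return 1;
    }
    ssize_t n = read_report(fd, report, sizeof(report));
    printf("read %zd bytes as uid %d\n", n, (int)getuid());
    close(fd);
    return n < 0;
}
```

Because the descriptor is opened before the switch, the device node can keep its `root:operator` ownership and `crw-rw----` mode; changing the group in usbd.conf is only needed if the daemon has to reopen the device after dropping privileges.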