Changing permissions of /dev/usb[n] to 664?
Hans Petter Selasky
hselasky at c2i.net
Thu Dec 2 02:59:27 PST 2004
On Tue, Nov 30, 2004 at 01:48:37AM -0500, Craig Rodrigues wrote:
> On Sun, Nov 07, 2004 at 12:58:14PM -0700, M. Warner Losh wrote:
> > This looks good, but we should audit all the ioctls to make sure the
> > ones that modify anything have the proper checks to make sure the fd
> > was opened for write.
>
> OK. Here is another iteration of the patch.
> It does the following:
> - opens /dev/usb[n] as 664
> - puts suser() permission checks in the following paths:
>     USB_REQUEST ioctl()
>     usbpoll()
>     usbread()
You don't need /dev/usb to be accessible by non-root users to run usbdevs.
That way you only need to check suser() when unit == USB_DEV_MINOR.
usbpoll should return zero on error?
What if a user who belongs to the group "operator" tries to open /dev/usbX
and uses the ioctl USB_REQUEST?
>
> This is what a non-root user can and cannot do on /dev/usb[n]:
>
> Allowed
> =======
> USB_DISCOVER
> USB_DEVICEINFO
> USB_DEVICESTATS
> usbopen()
> usbclose()
>
> Forbidden
> =========
> USB_REQUEST
> usbread()
> usbpoll()
>
> The result of this patch is that a non-root user can
> run usbdevs without a problem.
>
> I also have a small test program where I tried running
> different ioctl's as non-root and this is the output I got:
>
> Executing ioctl(): USB_REQUEST Operation not permitted
> Executing ioctl(): USB_DISCOVER...OK
> Executing ioctl(): USB_DEVICEINFO...OK
> Executing ioctl(): USB_DEVICESTATS...OK
>
> Comments?
>
Yours
-HPS
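
Added example (not part of the original message and not the patch under discussion): a user-space model of the two gating strategies raised in this thread, a check that the fd was opened for write versus a suser() check, applied to a member of group "operator". The root:operator ownership of the node, the command ids, and the EBADF/ENOTTY return choices are assumptions of this model.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed ids for this model, not the real ioctl numbers. */
enum usb_cmd { USB_DISCOVER, USB_DEVICEINFO, USB_DEVICESTATS, USB_REQUEST };
enum policy { CHECK_FWRITE, CHECK_SUSER };

struct cred { bool root; bool in_operator; };

/* open() on a node assumed to be root:operator, mode 0664.
 * Returns 0 on success or an errno value. */
static int model_open(const struct cred *c, bool want_write)
{
    if (c->root || !want_write)
        return 0;                        /* read bit is set for everyone */
    return c->in_operator ? 0 : EACCES;  /* write bit: owner and group only */
}

/* Gate applied to an ioctl before it would be dispatched. */
static int model_ioctl(const struct cred *c, bool fd_writable,
                       enum usb_cmd cmd, enum policy p)
{
    switch (cmd) {
    case USB_DISCOVER:
    case USB_DEVICEINFO:
    case USB_DEVICESTATS:
        return 0;                        /* the "Allowed" list in the thread */
    case USB_REQUEST:
        if (p == CHECK_FWRITE)           /* only asks: was the fd opened for write? */
            return fd_writable ? 0 : EBADF;
        return c->root ? 0 : EPERM;      /* stands in for suser() */
    }
    return ENOTTY;                       /* unknown command: refuse by default */
}

int main(void)
{
    struct cred op = { false, true };    /* non-root member of "operator" */
    printf("operator open for write:          %d\n", model_open(&op, true));
    printf("USB_REQUEST with FWRITE check:    %d\n",
           model_ioctl(&op, true, USB_REQUEST, CHECK_FWRITE));
    printf("USB_REQUEST with suser() check:   %d\n",
           model_ioctl(&op, true, USB_REQUEST, CHECK_SUSER));
    return 0;
}
```

In this model the group write bit lets the operator member obtain a writable fd, so a write-flag check alone lets USB_REQUEST through, while the suser()-style check returns EPERM regardless of how the fd was opened.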