From: Suffield, D. <dav...@hp...> - 2007-10-24 19:00:42
Hi Johannes,

> As far as I understand it, traditional security in Unix/Linux
> (i.e. without additional stuff like AppArmor or SELinux) is
> done by a separation by using different user accounts.
>
> Here changing the device file permissions is separated from
> using the device file (under the given permissions) by using
> different user accounts for the device file owner (the only
> user account - except "root" - which can change the
> permissions) and for those who should only use it.
>
> Therefore OWNER="johndoe", GROUP="lp", MODE="0666"
> would also do this separation (now only "johndoe" and "root"
> can change the permissions) but usually it is not desired
> that "johndoe" can change device file permissions so that I
> simply use the "default system owner" which is "root".

Good analogy - device file permissions for ownership is separate from device file permissions for using the device file (ie: group and other). Only the device owner has the right to change device file permissions.

I plan on changing the OWNER="lp" to OWNER="root" in the 55-hpmud.rules file.

> > > For MODE="0666" the crucial question is whether or not it is
> > > possible that another user (e.g. someone who is logged in from
> > > remote) can somehow eavesdrop when a (confidential) document is
> > > printed or scanned.
> > >
> > > Is eavesdropping somehow possible with MODE="0666"?
> >
> > Given only one process can claim the USB interface for reading or
> > writing, and claiming the interface is arbitrated by the kernel, I
> > would say no other process could snoop the print job or scan job.
>
> Could you give me some more details what hpmud does to open
> the device file so that I can let our security team have a
> look at it or should they simply check all the files in io/hpmud/?

Yes, all the hplip i/o code is in io/hpmud.

For usb all i/o goes through libusb/usbfs. All read/writes to any end-point require a claim_usb_interface(). Once the interface is claimed all i/o to that interface is exclusive (ie: 7/1/2).

Parallel i/o is similar. All hpmud parallel i/o goes through ppdev/parport. Before any i/o can take place PPCLAIM will claim exclusive access to the port (ie: /dev/parport0).

-dave
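Added example, not part of the original message or of HPLIP: a small Python audit of the OWNER/GROUP/MODE separation discussed in this thread, reporting for each udev rule who can change the node's permissions and who can open it. The rule lines are constructed samples (not the real contents of 55-hpmud.rules), the 0660 line is added only for contrast, and `audit_rule` and `audit` are hypothetical helper names.

```python
import re
import stat

# Constructed sample rules; only the OWNER/GROUP/MODE values of the first
# three lines come from the thread, the match key is illustrative.
SAMPLE_RULES = '''
SUBSYSTEM=="usb", OWNER="lp", GROUP="lp", MODE="0666"
SUBSYSTEM=="usb", OWNER="root", GROUP="lp", MODE="0666"
SUBSYSTEM=="usb", OWNER="johndoe", GROUP="lp", MODE="0666"
SUBSYSTEM=="usb", OWNER="root", GROUP="lp", MODE="0660"
'''

# Matches assignments (= or :=) only; "==" match keys are not captured.
ASSIGN = re.compile(r'\b(OWNER|GROUP|MODE)\s*:?=\s*"([^"]*)"')

def audit_rule(line):
    """Summarise one rule; returns None when the rule sets no MODE."""
    keys = dict(ASSIGN.findall(line))
    if "MODE" not in keys:
        return None
    owner = keys.get("OWNER", "root")   # assumption: unset owner means root
    group = keys.get("GROUP", "root")   # assumption: unset group means root
    mode = int(keys["MODE"], 8)
    if mode & stat.S_IROTH and mode & stat.S_IWOTH:
        users = "any local user"
    elif mode & stat.S_IRGRP and mode & stat.S_IWGRP:
        users = f"{owner} and members of group {group}"
    else:
        users = owner                   # assumes the owner bits grant rw
    return {
        # Only the file owner and root may chmod/chown the node.
        "can_change_mode": sorted({"root", owner}),
        "can_open_rw": users,
        "non_root_owner": owner != "root",
    }

def audit(text):
    """Audit every non-comment rule line in a rules file's text."""
    lines = (l.strip() for l in text.splitlines())
    results = (audit_rule(l) for l in lines if l and not l.startswith("#"))
    return [r for r in results if r is not None]

if __name__ == "__main__":
    for result in audit(SAMPLE_RULES):
        print(result)
```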