-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 19 Apr 2001, Seagull wrote:
>
> Greetings,
>
> In looking through freebsd.c in the 0.1.3b release of libusb, I see that
> the function enable_ep_open() that has been added.
>
> The purpose of this function seems to be to make sure that the USB
> device's endpoints are opened when a bulkd read or write operation is
> requeted, and open those devices if they are not.
>
> The USB devices are generally owned by root, mode 600, which means that
> the end application is probably going to be running SUID root. Any
> reasonable developer is going to drop root priviledges once they are
> no longer needed...which would probably be immediately after calling
> usb_os_open().
I think the best way to fix this is to recommend, in the README, that users
chown or chmod the ugen devices in such a way that non root users can access
them.
On my system i use xdm to log in, and in my
/usr/X11R6/lib/X11/xdm/GiveConsole i've got:
chown $USER /dev/ugen*
(and similar for fd and cd), so anyone logging in on the 'console' gets
access to localy attached ugen devices.
It's going to be much eaiser and safer for everyone involved to get the user
to change the perms on the ugen devices, and they are going to be root when
we install the lib anyway (we could even do a chmod for them when they make
install).
> As such, the calls to ensure_ep_open() in usb_bulk_read() and
> usb_bulk_write() are not going to be of value, and may actually cause
> problems. You basically have two scenarios:
>
> 1. The end developer drops root priviledge after usb_os_open().
> As such, if the endpoints somehow get closed, the call to
> ensure_ep_open() will fail to re-open the pipes because the
> proess does not have sufficient permission. The net effect
> is zero...as if ensure_ep_open() did not exist at all.
>
> 2. The end developer, seeing what usb_bulk_read() and usb_bulk_write()
> are doing, switches back to root every time one of these calls
> are made (!) or just doesn't bother with it, and holds on to root
> for the entire program (!!).
>
> #1 is zero-gain programming (why have ensure_ep_open() if it will always
> fail). #2 is forcing the end developer to either hold on to root, or
> constantly switch back and forth. This makes, at the very least, for
> more complicated programming, and possibly even for insecure programming.
>
> I recommend that ensure_ep_open() be dropped from the BSD port.
>
>
> Cheers,
> -+JLS
>
>
- --
"The aurochs was the great, black bull that was painted on cave
walls alongside bison and mammoths by tacky prehistoric minimalist
artists who had no sense whatsoever of modeling or perspective."
[see: http://www.aristotle.net/~swarmack/aurochs.html] [0x2ECA0975]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (NetBSD)
Comment: For info see http://www.gnupg.org
iQEVAwUBOuAgJQCB+Qwuygl1AQFCvQf+Ky/wKUnFg/Vdm9Pjw17scaZBpQ3uW8LA
afIeNQ5Xw/4K8KoJBgWJ1lxHMRR2NHD+uMNO8Jfj36ZmO8CXTArZB9Vw/YB6NAEE
A2CUzf20VMHlOBs+BbTB7h4j0JAsdn7eJZ4VxBb2RIJlJVDVl27mpglgl8nLy3aE
qM2AXm6AuWy480sNa69vC0ZpGVLfp/Gt8FWGq1Ia5hIUrPoghvF21SiObgTx8dYK
459cgF8VD3ZLuubTQiy4KE67fs/fL47v/mNkDx+NsYHCnmwM878SxOx0a4cMRGzc
377McrWpY3FFbahzu3uYBJPrvQ6Wp5YJPXWZqTwaof15XuXYD+6OqA==
=4fZo
-----END PGP SIGNATURE-----
|
