lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ac3eb2510905091000y4c7a6448uce799d00d500fffe@mail.gmail.com>
Date:	Sat, 9 May 2009 19:00:47 +0200
From:	Kay Sievers <kay.sievers@...y.org>
To:	Alan Stern <stern@...land.harvard.edu>
Cc:	Kernel development list <linux-kernel@...r.kernel.org>,
	Pantelis Koukousoulas <pktoss@...il.com>,
	USB list <linux-usb@...r.kernel.org>
Subject: Re: usbfs, claiming entire usb devices

On Fri, May 8, 2009 at 16:06, Alan Stern <stern@...land.harvard.edu> wrote:
> On Fri, 8 May 2009, Kay Sievers wrote:
>
>> You mentioned earlier, that you would need to match the holder of the
>> "lock" and the one that accesses the device?
>
> Yes.  That is, a process shouldn't be allowed to access a locked device
> unless that process is the lock holder.

You think the pid or the uid would make more sense?

>> Wouldn't it be sufficient already, if you can take a "lock" at the
>> specific port, that prevents the kernel to access the device when it
>> shows up?
>
> I don't know how the people requesting this feature would feel about
> that.  They seem to want to lock out other processes as well as locking
> out the kernel.

Might be useful, yeah. I could think of use cases where a specific uid
wants to lock a device, by holding the lock file open, and only the
same uid (could be a different pid) can claim the device from
userspace.

>> You thought of supporting a number of different users, with different
>> uids, or would that be a root-only action?
>
> A typical use case would be somebody running an emulator like QEMU.  In
> theory there could be multiple QEMU processes running concurrently,
> each owning a different set of ports.  The uids might be different or
> they might all be the same.
>
> Setting the lock permissions would be up to userspace.

Yeah, sounds fine.

Kay
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ