perms of /dev/uhid0
Mike Tancsa
mike at sentex.net
Wed Nov 26 07:48:09 PST 2003
At 10:28 AM 26/11/2003, Matt Piechota wrote:
>On Wed, 26 Nov 2003, Mike Tancsa wrote:
>
> > gastest# ls -l /dev/uhid0
> > crw-rw---- 1 root operator 122, 0 Nov 12 05:26 /dev/uhid0
> > gastest#
> >
> > Is it safe to chmod o+r /dev/uhid0 ? Or is there a better way to drop
> > privs of the daemon yet still be able to read from the device ?
>
>Maybe I'm a bit off, but: wouldn't it be okay to 'chgrp upsmon /dev/uhid0'
>in usbd.conf, and make a upsmon user and group to run the daemon under?
I know for our setup, there is nothing else that would need to talk to this
device so I could do something like that. Not sure of the implications if
someone unplugged the UPS and put their own device into the port. The
physical server is in a locked box, but the UPS is not. So if they somehow
managed to blow up the daemon by overflowing a buffer, it would be nice
that its a non root user. However, I do not try and read more than
sizeof(buffer) so I dont see any obvious ways...
---Mike
More information about the freebsd-security
mailing list