perms of /dev/uhid0
Mike Tancsa
mike at sentex.net
Wed Nov 26 08:37:45 PST 2003
Actually, I was reminded off list that I can drop privs after I open the
device. eg
fd = open( devname, O_RDONLY );
if( fd < 0 ) {
perror( "open" );
return -1;
}
/* when we get a SigUSR spit out to syslog the current battery
level */
signal(SIGUSR1, handleSignal);
if (!(pwent = getpwnam("nobody")))
{
fprintf(stderr, "There must be a user called nobody for
this program to work!");
exit(1);
}
else if (setuid(pwent->pw_uid) == -1)
{
perror("Can't drop privileges");
exit(1);
}
Thanks to all who responded!
---Mike
At 10:53 AM 26/11/2003, Mike Tancsa wrote:
>At 10:28 AM 26/11/2003, Matt Piechota wrote:
>>On Wed, 26 Nov 2003, Mike Tancsa wrote:
>>
>> > gastest# ls -l /dev/uhid0
>> > crw-rw---- 1 root operator 122, 0 Nov 12 05:26 /dev/uhid0
>> > gastest#
>> >
>> > Is it safe to chmod o+r /dev/uhid0 ? Or is there a better way to drop
>> > privs of the daemon yet still be able to read from the device ?
>>
>>Maybe I'm a bit off, but: wouldn't it be okay to 'chgrp upsmon /dev/uhid0'
>>in usbd.conf, and make a upsmon user and group to run the daemon under?
>
>I know for our setup, there is nothing else that would need to talk to
>this device so I could do something like that. Not sure of the
>implications if someone unplugged the UPS and put their own device into
>the port. The physical server is in a locked box, but the UPS is not. So
>if they somehow managed to blow up the daemon by overflowing a buffer, it
>would be nice that its a non root user. However, I do not try and read
>more than sizeof(buffer) so I dont see any obvious ways...
>
> ---Mike
>_______________________________________________
>freebsd-security at freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-security
>To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
More information about the freebsd-security
mailing list