[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gphoto
Subject:    Re: [gphoto] Alternative way of setting usb user permissions for gphoto
From:       Hans Ulrich Niedermann <gp () n-dimensional ! de>
Date:       2002-08-25 14:42:16
[Download RAW message or body]

Renchi Raju <renchi@green.tam.uiuc.edu> writes:

> > 1. This isn't easier to set up.
> 
> I never claimed that it is easier to setup. 

Good. Then we agree that the one advantage any alternative method
may have over linux-hotplug is not to be found here. 

> > 2. This makes it possible for anybody with "camera" access to muck
> >    around with *ANY* USB device.
> >
> > If you start doing stuff like that, I suggest running everything as
> > root. And you won't need passwords either.
> 
> i am not really sure how exactly this is a security risk. I could be wrong and 
> if so, anyone please correct me. what is wrong with a user getting 
> permissions to handle all usb devices. Unless in case you want a specific 
> user to handle only a specific device, in this case a camera.

Any member of the "usb" group will have unconditional access to any
device attached to the USB bus. Regardless of whether this is a
camera, a keyboard, a mass storage device, a smart card reader, a
robot control device, or whatever else.

And then a bug in any application accessing USB devices may do
arbitrary things with arbitrary devices - even if you only wanted to
access your camera in the first place. Tough luck.

And as there is no need for and not even an advantage in convenience,
I don't think this method should be promoted.

> > People who know enough about the security implications of this method
> > are able to find out how to do that on their own.
> >
> > And I will not provide the rope for everybody else to hang
> > themselves.

People who know what they are doing are free to do that - and they
won't even bother to read our documentation anyway.

But we describe the permission setup for people who do *not* know what
they are doing. And so we tell them what they have to do to get best
result for themselves with respect to both usability and security - at
no additional cost compared to more insecure methods. 

> Hans, i respect you for all your contributions to gphoto. Don't make
> me loose that respect

Hmm? OK, I rather harshly disqualified your solution. I didn't intend
to disqualify you as person. But I thought to better say something
before somebody starts to believe that granting access to all USB
devices gives them any advantage.

Gruß,

Uli

-- 
See also: |                  http://n-dimensional.de/projects/digicam/
----------+         http://www.teaser.fr/~hfiguiere/linux/digicam.html
#gphoto on irc.openprojects.net          http://sf.net/projects/gphoto
http://sf.net/projects/libusb           http://sf.net/projects/libexif
[prev in list] [next in list] [prev in thread] [next in thread]