--- On Wed, 8/12/09, Greg KH <greg@xxxxxxxxx> wrote:
> From: Greg KH <greg@xxxxxxxxx>
> Subject: Re: USB on Linux question
> To: "Josh Evans" <joshevans99@xxxxxxxxx>
> Cc: linux-usb@xxxxxxxxxxxxxxx
> Date: Wednesday, August 12, 2009, 10:59 PM
> On Wed, Aug 12, 2009 at 03:22:48PM
> -0700, Josh Evans wrote:
> > Can a non-root user send reports and other stuff to
> the
> > control endpoint of a device on the USB bus?
> Does Linux
> > require root privileges to interact with USB
> hardware?
>
> It all depends on how your Linux system is configured.
>
> On a number of modern ones, the local logged in user can
> send and
> receive data to the control endpoint, but on older ones, it
> took an
> explicit udev rule to accomplish this.
>
> What specifically is the issue here?
It's a security issue.
What do you mean by "local logged in user"? Somebody
who is logged in front of the machine? Is there a difference
in priviledge between somebody who is logged in front of the
machine and somebody who is just remotely ssh-ed in?
The reason I ask is because at a warehouse, we have a
Fedora box that does the RFID access control. All it has
is an RFID reader and a USB device for unlatching the
magnetic lock, and the box logs the date/time that people
access the building.
The box is currently not on the internet, but there's an
unfortunate push to put it online and even have people
be able to open the front door using their iphone or
blackberry if they forget their RFID tag.
I am worried about somebody breaking into the box or the
web application and unlocking the front door.
Josh
>
> thanks,
>
> greg k-h
>
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
