On Wed, Aug 12, 2009 at 04:24:12PM -0700, Josh Evans wrote:
>
> --- On Wed, 8/12/09, Greg KH <greg@xxxxxxxxx> wrote:
>
> > From: Greg KH <greg@xxxxxxxxx>
> > Subject: Re: USB on Linux question
> > To: "Josh Evans" <joshevans99@xxxxxxxxx>
> > Cc: linux-usb@xxxxxxxxxxxxxxx
> > Date: Wednesday, August 12, 2009, 10:59 PM
> >
> > On Wed, Aug 12, 2009 at 03:22:48PM -0700, Josh Evans wrote:
> > > Can a non-root user send reports and other stuff to the
> > > control endpoint of a device on the USB bus? Does Linux
> > > require root privileges to interact with USB hardware?
> >
> > It all depends on how your Linux system is configured.
> >
> > On a number of modern ones, the local logged in user can send and
> > receive data to the control endpoint, but on older ones, it took an
> > explicit udev rule to accomplish this.
> >
> > What specifically is the issue here?
>
> It's a security issue.
>
> What do you mean by "local logged in user"? Somebody
> who is logged in front of the machine?

Yes.

> Is there a difference in privilege between somebody who is logged in
> front of the machine and somebody who is just remotely ssh-ed in?

Yes. ConsoleKit handles this kind of thing.

> The reason I ask is because at a warehouse, we have a
> Fedora box that does the RFID access control. All it has
> is an RFID reader and a USB device for unlatching the
> magnetic lock, and the box logs the date/time that people
> access the building.
>
> The box is currently not on the internet, but there's an
> unfortunate push to put it online and even have people
> be able to open the front door using their iphone or
> blackberry if they forget their RFID tag.
>
> I am worried about somebody breaking into the box or the
> web application and unlocking the front door.

Yeah, that sounds like a real worry. Look at how ConsoleKit works for
how to control this in a manner that would work out for you.

good luck,

greg k-h
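
One way to check the configuration question discussed above on a given machine, as an added example that is not part of the original thread: it reports which USB device nodes a non-root account can open for writing. The `/dev/bus/usb` path and the POSIX ACL attribute name are the usual Linux ones and are assumed here; the function names are hypothetical.

```python
import os
import stat

USB_ROOT = "/dev/bus/usb"               # assumed location of the USB device nodes
ACL_XATTR = "system.posix_acl_access"   # xattr that exists when a POSIX ACL is set


def who_can_write(mode, uid, gid, has_acl):
    """Return findings for one device node, given its stat fields."""
    findings = []
    if mode & stat.S_IWOTH:
        findings.append("world-writable: any account, local or ssh, can open it")
    if has_acl:
        # With an ACL the group bits hold the ACL mask, so defer to getfacl.
        findings.append("POSIX ACL present (per-user grant): inspect with getfacl")
    elif mode & stat.S_IWGRP and gid != 0:
        findings.append(f"writable by gid {gid}")
    if mode & stat.S_IWUSR and uid != 0:
        findings.append(f"writable by uid {uid}")
    return findings


def audit(root=USB_ROOT):
    """Map each character device under root to its non-root write findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            if not stat.S_ISCHR(st.st_mode):
                continue
            try:
                has_acl = ACL_XATTR in os.listxattr(path)
            except OSError:
                has_acl = False  # filesystem without xattr support
            found = who_can_write(st.st_mode, st.st_uid, st.st_gid, has_acl)
            if found:
                report[path] = found
    return report


if __name__ == "__main__":
    for path, found in sorted(audit().items()):
        print(path, "->", "; ".join(found))
```

An empty report means only root can write to the device nodes, so any service that drives a USB device would need its own explicit grant, such as a udev rule.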