Hi,
On 07/12/2013 04:50 PM, Alan Stern wrote:
On Fri, 12 Jul 2013, Hans de Goede wrote:
For certain (HP) printers the printer device_id does not only contain a
static part identifying the printer, but it also contains a dynamic part
giving printer status, ink level, etc.
To get to this info various userspace utilities need to be able to make a
printer class 'get_device_id' request without first claiming the interface
(as that is in use for the actual printer driver).
Since the printer class 'get_device_id' request does not change interface
settings in anyway, allowing this without claiming the interface should not
cause any issues.
Are there any security implications to allowing any user on the system
to send a get_device_id request to a printer while it is in the middle
of a print job?
To the best of my (limited) knowledge, no. As you indicated in the thread
about this on the libusb list, some devices are known to have firmware bugs,
which cause them to drop bulk-transfers when a ctrl transfer issued while
a bulk transfer is in progress. So there could be a DOS issue, but such a
device can easily be DOS-ed with control-requests which don't require a
specific interface to be claimed, such as requests to get descriptors.
Also note that even after this patch, only users with rw access to the
relevant /dev/bus/usb/xxx/yyy node can issue a get_device_id request, and
if they have such access they can also detach any other driver and claim
the interface, so of they are malicious they can already issue such a
request. The problem is that for non malicious users detaching the driver
of another user is not really desirable / the right thing to do.
Regards,
Hans
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
