On Fri, 12 Jul 2013, Hans de Goede wrote:

> > Are there any security implications to allowing any user on the system
> > to send a get_device_id request to a printer while it is in the middle
> > of a print job?
>
> To the best of my (limited) knowledge, no. As you indicated in the thread
> about this on the libusb list, some devices are known to have firmware bugs,
> which cause them to drop bulk-transfers when a ctrl transfer is issued while
> a bulk transfer is in progress. So there could be a DOS issue, but such a
> device can easily be DOS-ed with control-requests which don't require a
> specific interface to be claimed, such as requests to get descriptors.
>
> Also note that even after this patch, only users with rw access to the
> relevant /dev/bus/usb/xxx/yyy node can issue a get_device_id request, and
> if they have such access they can also detach any other driver and claim
> the interface, so if they are malicious they can already issue such a
> request. The problem is that for non malicious users detaching the driver
> of another user is not really desirable / the right thing to do.

I had in mind something more like one user reading the contents of
another user's print job. Does get_device_id expose a significant
amount of information of that sort?

Alan Stern