[pvrusb2] Re: Why sysfs only root-writeable?

Mike Isely isely at isely.net
Fri Sep 2 16:26:31 CDT 2005


On Fri, 2 Sep 2005, Manuel Stumpf wrote:

> Hi Mike,
>
>  I have a VDR (www.vdr-portal.de , sorry German) running with PVR USB2.
> The program runs as a normal user. This causes problems because on my
> system all sysfs-data is only writeable by root. Could this be changed?
>
> Thanks for this driver,
>  Manuel
>

Manuel:

I'm sure it does cause problems.  But there isn't a better solution at the
driver level at least that I can implement.  Think about this for a
minute: The only thing the driver can do is assign the uid, gid, and file
mode to those files.  The driver has no way of knowing about legitimate
uids and gids beyond 0 - there's no kernel-relevant, distribution
independent means for assuming for example the value for a "pvrusb2" gid -
so the owner and group can be nothing but root.  The file mode goes
directly to the security of the device.  There are things that can be done
here to trash the device and maybe screw up your system.  So do you really
want those things to be world-writable?  Doing that would violate basic
Linux/Unix security principles.  So the only real choice is that it must
be only root accessible, hence the permissions you see here.

I don't have any control over how VDR uses the device; I have nothing to
do with that project.  Likewise, it isn't fair either to tweak the driver
to use whatever uid VDR might run as because that will just make things
worse for other projects using this driver.

Given all that, then there are two approaches towards a solution.  (1) The
pvrusb2 driver invents its own policy / authentication framework to permit
non-root access (somehow) to those files.  (2) The application implements
some mechanism to elevate itself to root when it wants to operate the
driver.

Option (1) really isn't an option because that's really a big thicket of
issues that a hardware driver should have no business getting into.
Option (2) is far more possible, and is pretty much what any Linux
application usually is going to do if it has to access hardware interfaces
and still be operable by a non-root user.

Maybe with an SELinux enabled kernel more might be possible, but certainly
not without a lot of work, and that still won't help without all the other
stuff that SELinux brings with it.

  -Mike

-- 
                        |         Mike Isely          |     PGP fingerprint
     Spammers Die!!     |                             | 03 54 43 4D 75 E5 CC 92
                        |   isely @ pobox (dot) com   | 71 16 01 E2 B5 F5 C1 E8
                        |                             |
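
Option (2) from the message above, as an added example that is not part of the original post or of the pvrusb2 project: the core of a small root-owned helper that an unprivileged application invokes, so the sysfs files stay root-only while only a narrow, validated set of writes is permitted. The attribute names, the `/sys/class/EXAMPLE/DEVICE` path and the digits-only value rule are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical attribute names; a real helper lists only what the app needs. */
static const char *const ALLOWED[] = { "example_channel", "example_volume", NULL };

/* Returns 0 on success, -1 if the request is refused or the write fails. */
int helper_write(const char *dev_dir, const char *attr, const char *value)
{
    int allowed = 0;
    for (size_t i = 0; ALLOWED[i] != NULL; i++)
        if (strcmp(attr, ALLOWED[i]) == 0)
            allowed = 1;
    if (!allowed)
        return -1;   /* exact match only, so "../x" is never accepted */
    size_t len = strlen(value);
    if (len == 0 || len > 16)
        return -1;
    for (size_t i = 0; i < len; i++)
        if (value[i] < '0' || value[i] > '9')
            return -1;   /* assumed policy: decimal digits only */
    int dfd = open(dev_dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dfd < 0)
        return -1;
    /* O_NOFOLLOW: refuse a symlink planted under an allowed name. */
    int fd = openat(dfd, attr, O_WRONLY | O_NOFOLLOW | O_CLOEXEC);
    close(dfd);
    if (fd < 0)
        return -1;
    struct stat st;
    int rc = -1;
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) &&
        write(fd, value, len) == (ssize_t)len)
        rc = 0;
    close(fd);
    return rc;
}

/* Placeholder directory: fixed at build time, never taken from the caller. */
int main(int argc, char **argv)
{
    return argc == 3 &&
           helper_write("/sys/class/EXAMPLE/DEVICE", argv[1], argv[2]) == 0 ? 0 : 1;
}
```

The caller supplies only an attribute name and a value; the device directory and the allowlist are decided by whoever installs the helper.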

