Hi Johannes,

> As far as I understand it, traditional security in Unix/Linux
> (i.e. without additional stuff like AppArmor or SELinux) is
> done by a separation by using different user accounts.
>
> Here changing the device file permissions is separated from
> using the device file (under the given permissions) by using
> different user accounts for the device file owner (the only
> user account - except "root" - which can change the
> permissions) and for those who should only use it.
>
> Therefore OWNER="johndoe", GROUP="lp", MODE="0666"
> would also do this separation (now only "johndoe" and "root"
> can change the permissions) but usually it is not desired
> that "johndoe" can change device file permissions so that I
> simply use the "default system owner" which is "root".

Good analogy - device file permissions for ownership is separate from
device file permissions for using the device file (ie: group and other).
Only the device owner has the right to change device file permissions.
I plan on changing the OWNER="lp" to OWNER="root" in the 55-hpmud.rules
file.

> > > For MODE="0666" the crucial question is whether or not it is
> > > possible that another user (e.g. someone who is logged in from
> > > remote) can somehow eavesdrop when a (confidential) document is
> > > printed or scanned.
> > >
> > > Is eavesdropping somehow possible with MODE="0666"?
> >
> > Given only one process can claim the USB interface for reading or
> > writing, and claiming the interface is arbitrated by the kernel, I
> > would say no other process could snoop the print job or scan job.
>
> Could you give me some more details what hpmud does to open
> the device file so that I can let our security team have a
> look at it or should they simply check all the files in io/hpmud/?

Yes, all the hplip i/o code is in io/hpmud. For usb all i/o goes through
libusb/usbfs. All read/writes to any end-point require a
claim_usb_interface(). Once the interface is claimed all i/o to that
interface is exclusive (ie: 7/1/2). Parallel i/o is similar. All hpmud
parallel i/o goes through ppdev/parport. Before any i/o can take place
PPCLAIM will claim exclusive access to the port (ie: /dev/parport0).

-dave

_______________________________________________
HPLIP-Devel mailing list
HPLIP-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/hplip-devel
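
An added example, not part of the original message and not HPLIP code: a small Python check for the two properties discussed in this thread, which account owns the device node (and can therefore change its permissions) and whether MODE grants access to "other". The rule lines are constructed samples, not the contents of the real 55-hpmud.rules, and the function names are hypothetical.

```python
import re

# One udev key/operator/value triple, e.g. OWNER="lp" or ATTRS{idVendor}=="03f0".
PAIR = re.compile(r'([A-Z_]+(?:\{[^}]*\})?)\s*(==|!=|\+=|:=|=)\s*"([^"]*)"')

def audit_rule(line):
    """Return findings for the OWNER= and MODE= assignments in one rule line."""
    # Keep assignments only; "==" and "!=" are match conditions, not settings.
    assigns = {k: v for k, op, v in PAIR.findall(line) if op in ("=", ":=")}
    findings = []
    owner = assigns.get("OWNER")
    if owner not in (None, "root"):
        findings.append(f'OWNER="{owner}": this account can chmod the device node')
    mode = assigns.get("MODE", "")
    # Any read or write bit for "other" means every local account can open it.
    if re.fullmatch(r"[0-7]{3,4}", mode) and int(mode, 8) & 0o006:
        findings.append(f'MODE="{mode}": node is accessible to "other"')
    return findings

def audit_rules(text):
    """Audit a rules file body; return (line_number, finding) pairs."""
    results = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.strip().startswith("#"):
            continue
        results.extend((number, finding) for finding in audit_rule(line))
    return results

# Constructed sample lines, not the contents of the real 55-hpmud.rules.
SAMPLE_RULES = """\
# constructed sample
SUBSYSTEM=="usb", ATTRS{idVendor}=="03f0", OWNER="lp", GROUP="lp", MODE="0666"
SUBSYSTEM=="usb", ATTRS{idVendor}=="03f0", OWNER="root", GROUP="lp", MODE="0660"
SUBSYSTEM=="usb", ATTRS{idVendor}=="03f0", OWNER="johndoe", GROUP="lp", MODE="0666"
"""

if __name__ == "__main__":
    for number, finding in audit_rules(SAMPLE_RULES):
        print(f"line {number}: {finding}")
```

A MODE finding only reports who can open the node; per the reply above, separation between processes that do open it rests on the exclusive interface claim.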