Oliver Neukum wrote:

3. Usbfs is a security problem and needs filtering of control requests.
You can use it to set a device to an occupied address thereby crashing
any device.

The issue is a general one with control requests. SET_ADDRESS is an interesting example, where pre-filtering ought to reject requests.

But there are similar issues for SET_CONFIGURATION and SET_INTERFACE,
both of which affect usbcore deeply enough to oops drivers that don't
use the "approved" API calls.


OK. How about anything but vendor specific requests needing
CAP_SYS_HARDWARE ?

No, that couldn't address the problem of buggy drivers. And SET_INTERFACE shouldn't need privileges; it's used for routine operations.

The "usbfs" driver can do more internal checks, but
I don't think there's a good way to catch buggy drivers
that craft their own SET_* calls instead of using the
usbcore calls for it.  We should specify that as being
illegal behavior.

- Dave
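A sketch of the pre-filtering discussed in this thread, as an added example that is not code from the thread or from usbfs: it classifies a control setup packet so that SET_ADDRESS is rejected, SET_CONFIGURATION and SET_INTERFACE are routed through core calls, and class and vendor requests pass. The request codes and bit masks are from USB 2.0 chapter 9; the function name, the verdict names and the sample packets are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Setup packet of a control transfer (USB 2.0 spec, chapter 9). */
struct setup_pkt {
    uint8_t  bmRequestType;   /* direction | type | recipient */
    uint8_t  bRequest;
    uint16_t wValue, wIndex, wLength;
};

#define TYPE_MASK             0x60  /* bits 6..5: standard/class/vendor */
#define TYPE_STANDARD         0x00
#define RECIP_MASK            0x1f
#define RECIP_DEVICE          0x00
#define RECIP_INTERFACE       0x01
#define REQ_SET_ADDRESS       0x05
#define REQ_SET_CONFIGURATION 0x09
#define REQ_SET_INTERFACE     0x0b

/* Hypothetical verdicts, not usbfs names. */
enum verdict { CTRL_PASS, CTRL_REJECT, CTRL_VIA_CORE };

/* Direction bit is ignored so a mis-flagged request is still classified. */
enum verdict filter_control(const struct setup_pkt *s)
{
    uint8_t recip = s->bmRequestType & RECIP_MASK;
    if ((s->bmRequestType & TYPE_MASK) != TYPE_STANDARD)
        return CTRL_PASS;      /* class/vendor requests: left alone */
    if (s->bRequest == REQ_SET_ADDRESS)
        return CTRL_REJECT;    /* conservative assumption: any recipient */
    if (s->bRequest == REQ_SET_CONFIGURATION && recip == RECIP_DEVICE)
        return CTRL_VIA_CORE;  /* core must track the new configuration */
    if (s->bRequest == REQ_SET_INTERFACE && recip == RECIP_INTERFACE)
        return CTRL_VIA_CORE;  /* routine and unprivileged, but tracked */
    return CTRL_PASS;
}

int main(void)
{
    struct setup_pkt p[] = {   /* constructed sample packets */
        { 0x00, REQ_SET_ADDRESS, 5, 0, 0 },
        { 0x00, REQ_SET_CONFIGURATION, 1, 0, 0 },
        { 0x01, REQ_SET_INTERFACE, 1, 0, 0 },
        { 0x40, 0x05, 0, 0, 0 },   /* vendor request reusing code 0x05 */
    };
    for (unsigned i = 0; i < sizeof p / sizeof p[0]; i++)
        printf("%02x/%02x -> %d\n", p[i].bmRequestType, p[i].bRequest,
               filter_control(&p[i]));
    return 0;
}
```

A filter of this kind covers only requests submitted through the filtered path; it does nothing about in-kernel drivers that craft their own SET_* requests, which is the case the message above says has to be specified as illegal.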




