I'm new to web applications as well, hence the question. Clarification question: When using the web sockets protocol, the client and server are running on two different pieces of hardware, correct? If so, that's great, because this is the general direction I am heading in with this exercise, however (and I should have been clear on this) my current situation is that I am hosting the php page on the bbb in the /home/ubuntu/public_html folder with the binary executable in that folder as well. In this case, would it be best to do what Rusty suggested and create a group with write permissions to the device nodes and a udev rule that set up the devices to have write permission by that group?
I would like to explore both options. After a quick Google search on web sockets, I came across libwebsockets. Would this project implement the web socket protocol you mentioned? Any suggested reading material (even if I need to buy it) would also be appreciated. Thanks again! Jake On Tuesday, February 11, 2014 4:16:47 AM UTC-6, Jack Mitchell wrote: > > On 10/02/14 21:34, William Hermans wrote: > > Jack, > > > > Ok perhaps I am missing something, and I by no means mean to be > > adversarial here. I am just curious, so If i am missing something > > please feel free to enlighten me. > > > > What is the difference between using setuid(0) and having a web socks > > app running the app ? > > The web socket doesn't run the app, the app is always running, probably > started as a daemon from the init system, and accepts messages from the > web socket. Therefore there is no direct execution of a setuid binary > from the web interface. > > > Here is my thinking. If you write the app/service > > correctly, all anyone is going to be able to do is switch on / off an > > LED. Yes, perhaps you do not want *EVERYONE* doing this, but how will > > this solution solve that specific problem ? Unless I am missing > > something . . . nothing can, short of having a user login screen for the > > web interface. > > The issue isn't really with _who_ turns the LED on and off, that is a > application specific decision. The issue is with the ability to control > and execute a setuid binary from a possibly insecure, maybe even on the > open web application. > > Cheers, > > -- > Jack Mitchell ([email protected] <javascript:>) > Embedded Systems Engineer > Cambridgeshire, UK > http://www.embed.me.uk > -- > -- For more options, visit http://beagleboard.org/discuss --- You received this message because you are subscribed to the Google Groups "BeagleBoard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
