Why are you asking? Do you wish to know to learn more and tighten up security on your own BBB, using one of the Demo images? Or are you looking for ideas on how to increase security for your own images?

The reason I ask is because I have given this a lot of thought for the last year or so myself, and have some ideas of my own. However, since file access for certain I/O will have to be as, or from, root, there will always be some level of insecurity. You can do IPC between root and a regular user, but in the end you'll still have access to the device(s). hosts.allow/deny could be used to some degree as well, but is also deprecated. Nodejs can run on some port 3000 or higher, and IPTables can be used to route packets from port 80 . . . etc, etc.

On Sun, Aug 10, 2014 at 12:47 PM, Mike Erdahl <[email protected]> wrote:

> How are folks accessing the GPIO channels using bonescript without
> changing file ownership, permissions, or running node with sudo?
>
> Secondly, how is beagleboard.org accessing the GPIO channels in the
> digitalWrite example through the web example:
>
> http://beagleboard.org/Support/BoneScript/demo_blinkled_external/
>
> Both the .dtbo files and gpio exports in /sys/class/gpio created by this
> example are owned by root! How is it possible for a web application to
> create a file as root on the beaglebone, in a folder owned by root? If
> there is not some cool sorcery working behind the scenes, I can only
> assume there is a massive security hole being exploited for this to work.
>
> --
> For more options, visit http://beagleboard.org/discuss
> ---
> You received this message because you are subscribed to the Google Groups
> "BeagleBoard" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
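
The root/regular-user IPC split mentioned in the reply above, as an added example that is not part of the original thread or of BoneScript: a small root-side broker takes requests over a Unix socket and writes only validated values to allow-listed pins, so the web-facing Node process can run unprivileged. The socket path, pin numbers, allow-list and JSON-lines message format are assumptions.

```javascript
const fs = require('fs');
const net = require('net');

// Assumptions (not from BoneScript): socket path, pin allow-list, JSON-lines format.
const SOCKET_PATH = '/run/gpio-broker.sock';
const ALLOWED_PINS = new Set([60, 48]); // constructed sample kernel GPIO numbers
const GPIO_ROOT = '/sys/class/gpio';

// Validate one request line such as '{"pin":60,"value":1}'.
function parseRequest(line) {
  let msg;
  try { msg = JSON.parse(line); } catch (e) { return { ok: false, error: 'bad json' }; }
  if (msg === null || typeof msg !== 'object') return { ok: false, error: 'bad request' };
  // Set.has() matches only the exact integers listed, so strings and paths fail here.
  if (!ALLOWED_PINS.has(msg.pin)) return { ok: false, error: 'pin not allowed' };
  if (msg.value !== 0 && msg.value !== 1) return { ok: false, error: 'bad value' };
  return { ok: true, pin: msg.pin, value: msg.value };
}

// Root-side write: the path comes from the validated integer only; `write` is injectable for tests.
function handleLine(line, write = fs.writeFileSync) {
  const req = parseRequest(line);
  if (!req.ok) return JSON.stringify(req);
  try {
    write(`${GPIO_ROOT}/gpio${req.pin}/value`, String(req.value));
  } catch (e) {
    return JSON.stringify({ ok: false, error: 'write failed' });
  }
  return JSON.stringify({ ok: true });
}

// Run as root: `node broker.js serve`. The web-facing process runs as a
// regular user and talks to this socket instead of touching sysfs.
function serve() {
  if (fs.existsSync(SOCKET_PATH)) fs.unlinkSync(SOCKET_PATH);
  net.createServer((conn) => {
    let buf = '';
    conn.on('data', (chunk) => {
      buf += chunk;
      if (buf.length > 256) return conn.destroy(); // cap request size
      let i;
      while ((i = buf.indexOf('\n')) >= 0) {
        conn.write(handleLine(buf.slice(0, i)) + '\n');
        buf = buf.slice(i + 1);
      }
    });
  }).listen(SOCKET_PATH, () => fs.chmodSync(SOCKET_PATH, 0o660));
}

if (process.argv[2] === 'serve') serve();
```

The socket is created root-owned with mode 0660; changing its group to the one the web process runs under is what grants that process access. Pins must already be exported and set to output by root before the broker can write their `value` files.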
