My comments are really to do with what I perceive as best practices on how one would approach building systems that are "security conscious". Of course, "convenience" may direct us in different directions during development. I am not sure what you are trying to imply by "safe" as in protecting the GPIOs from misuse. I don't actually see any way to accomplish that. What I do think one can do is to be aware of security considerations and not unnecessarily present an attack surface that can compromise the entire system.
>> Using sudo seems much less secure as it exposes the application to being
>> exploited for security flaws. And since the application is running as root,
>> it has access to everything.
>
> So, we have a device on a system that can potentially cause physical
> damage to external hardware when something like a wrong GPIO state is
> toggled, or such. How would sudo be less secure in this context?

It wouldn't. And that is not my point. I am not talking about how to protect the GPIOs from "badly behaved" programs that are "trusted" as implied by the fact that they are running as a normal user in the group that has access to those GPIOs. If an application is trusted (is a member of the appropriate group or for that matter can sudo), it is a hopeless task to protect the GPIOs from misuse. What I am trying to point out is that running an app as "root" (sudo, set uid, whatever) exposes a security attack vector...a vector that has access to _all_ system resources. I would claim that it is an unnecessary exposure...from a security point of view. YMMV when it comes to "convenience".

> In fact under certain conditions it would be less safe using groups.

How would an application running at a non-root level using groups to access protected resources be less "safe" than an application running as root using sudo?

> Also, "root has access to everything" is wrong. Reread what I've written
> above about running specific commands through sudo.

Errr, an application running as root, by definition, has access to _all_ system resources. The fact that you are limiting just a single application/user to run sudo doesn't limit the attack surface for that application. If your root application is compromised in some way, then the entire system can be compromised. Running as a normal user does not present the same attack surface...it's much smaller and sandboxed by the kernel. Running as root affords no protection enforcement by the kernel.
ba

> On Fri, Feb 5, 2016 at 6:05 PM, Brian Anderson <[email protected]> wrote:
>
>> Err, why?
>>
>> Groups are frequently used to restrict access to resources. Android
>> exploits groups for permissions and to sandbox applications. And the
>> kernel enforces access.
>>
>> Using sudo seems much less secure as it exposes the application to being
>> exploited for security flaws. And since the application is running as root,
>> it has access to everything.
>>
>> But maybe I'm missing something?
>>
>> ba
>>
>> --
>> For more options, visit http://beagleboard.org/discuss
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "BeagleBoard" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
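Added example, not code from this thread or from the BeagleBoard project: a Python check that mirrors the kernel's discretionary access decision the message describes, so a GPIO application can confirm it reaches the sysfs pin files through group membership rather than as root. The `/sys/class/gpio` layout and the function names are assumptions.

```python
"""Least-privilege check before a sysfs GPIO write.
Added example for the groups-vs-sudo discussion above, not code from
this thread or the BeagleBoard project; the sysfs path is an assumption.
"""
import os
import stat

GPIO_SYSFS = "/sys/class/gpio"  # assumed sysfs GPIO layout


def classify_write_access(mode, file_uid, file_gid, euid, egid, groups):
    """Mirror the kernel's discretionary access decision for a write.

    Returns 'root-bypass', 'owner', 'group', 'other' or 'denied'.
    euid 0 carries CAP_DAC_OVERRIDE, so the mode bits are never consulted:
    a sudo-launched GPIO app is not constrained by file permissions at all.
    A group member is constrained to exactly the files carrying the group
    write bit, which is the kernel-enforced sandbox the message describes.
    """
    if euid == 0:
        return "root-bypass"
    if euid == file_uid:  # owner class is decided on its own, no fall-through
        return "owner" if mode & stat.S_IWUSR else "denied"
    if file_gid == egid or file_gid in set(groups):
        return "group" if mode & stat.S_IWGRP else "denied"
    return "other" if mode & stat.S_IWOTH else "denied"


def require_group_access(path):
    """Allow the write only when this process reaches `path` through group
    membership; refuse a root process outright, since compromising it
    would expose every system resource, not just the GPIO."""
    st = os.stat(path)
    basis = classify_write_access(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                                  os.geteuid(), os.getegid(), os.getgroups())
    if basis == "root-bypass":
        raise PermissionError(f"{path}: running as root, run as a gpio group member instead")
    if basis != "group":
        raise PermissionError(f"{path}: access basis {basis!r}, expected 'group'")
    return basis


def set_gpio_value(pin, value):
    """Write 0/1 to an already exported pin once the access check passes."""
    path = f"{GPIO_SYSFS}/gpio{pin}/value"
    basis = require_group_access(path)
    with open(path, "w") as f:
        f.write("1" if value else "0")
    return basis
```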
