Stuart Henderson <[email protected]> wrote:

> > I don't know if this matters, but for even ykinfo(1) (in the ykpers port)
> > to work, I had to:
> > # chmod g+w /dev/usb1
> > # chmod g+rw /dev/ugen0.00
>
> Known problem, there's no nice way around it though. The standard model
> used on most OS of controlling many simpler USB devices from a low
> privileged userland process does not work too well with the approach
> in https://cvsweb.openbsd.org/src/etc/MAKEDEV.common#rev1.105
>
> afaik the options for this are chmod, run as root, or write a driver that
> works similar to fido(4) and modify the existing software that interfaces
> with the device to use that instead (I guess for yk it will need a way to
> hook into the keyboard driver too for the usual button-press keyboard
> emulation otp mode).

The situation is stupidly unworkable. a+rw makes these systems single-user. Worse, it means any application can touch the usb devices. The people who added direct-usb control to Unix completely screwed up by deciding to ignore *all security considerations*. It is beyond laughable. So recently we locked up all the nodes. Seeing this in a conversation about adding pledge makes it clear how few people understand the blend of high-level and low-level components, and it increases my doubt about the future of mankind.
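
An added example, not part of the original thread: a POSIX sh audit that lists the usbN and ugenN.NN nodes discussed above whose mode grants access beyond the owner, which is the state the chmod workarounds in the quoted message leave behind. The function name `audit_usb_nodes` and the owner-only baseline are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report USB controller and ugen nodes whose mode grants
# access beyond the owner. Assumption: owner-only is the intended baseline.

# audit_usb_nodes DIR
# Prints "<scope> <mode> <path>" for each usbN / ugenN.NN entry in DIR that
# has any group or other permission bit set. scope is "group" or "world".
# Entries are matched by name only, so it also works on a copy of /dev.
audit_usb_nodes() {
    dir=${1:-/dev}
    for node in "$dir"/usb[0-9]* "$dir"/ugen[0-9]*.[0-9]*; do
        # An unmatched glob stays literal; skip it.
        [ -e "$node" ] || continue
        # First 10 characters of ls -l: file type plus the three rwx triplets.
        mode=$(ls -ld "$node" | cut -c1-10)
        case $mode in
            ????------) ;;                            # owner-only: nothing to report
            ???????---) echo "group $mode $node" ;;   # e.g. after chmod g+rw
            *)          echo "world $mode $node" ;;   # e.g. after chmod a+rw
        esac
    done
}

# Audit the live device directory (or the directory given as $1).
audit_usb_nodes "${1:-/dev}"
```

A "world" line is the a+rw case from the reply, where any process on the system can open the device; a "group" line means every member of that group can.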

