OpenBSD's chromium port does not have usb support enabled and it might crash due to some calls to the USB codepath that is not disabled properly.
On (2015-08-11 20:20), Brandon Mercer wrote: > On Tue, Aug 11, 2015 at 4:15 PM Alexey Suslikov <[email protected]> > wrote: > > > On Tue, Aug 11, 2015 at 11:08 PM, Brandon Mercer > > <[email protected]> wrote: > > > On Tue, Aug 11, 2015 at 4:02 PM Alexey Suslikov < > > [email protected]> > > > wrote: > > >> > > >> On Tue, Aug 11, 2015 at 10:57 PM, Brandon Mercer > > >> <[email protected]> wrote: > > >> > On Tue, Aug 11, 2015 at 2:53 PM Alexey Suslikov > > >> > <[email protected]> > > >> > wrote: > > >> >> > > >> >> Hi ports@. > > >> >> > > >> >> Are these Chrome 40+ FIDO U2F Security Keys supported on OpenBSD? > > >> > > > >> > > > >> > There is a bug report opened: > > >> > https://code.google.com/p/chromium/issues/detail?id=451248 > > >> > > >> https://support.google.com/accounts/answer/6103523 says: > > >> > > >> "Requirements for using Security Key > > >> > > >> To use Security Key, you???ll need a computer running Google Chrome > > version > > >> 40 > > >> or newer on ChromeOS, Windows, Mac OS, or Linux". > > > > > > > > > Frankly, those requirements changed once bug reports started rolling in. > > The > > > first public statement I remember said, "a computer running chrome > > version > > > 39 or newer." Then the linux folks had issues and had to do some usb > > jumping > > > jacks, and then I opened that bug report, and then freebsd folks > > complained > > > as well. > > > > > > The issue I take to it is not just compatibility. There is a site out > > there > > > that crashes my browser by running javascript. Presumably malicious > > > javascript could do that anyhow, but this is being caused by one of their > > > own web applications. Ironically, the yubikey demo site for u2f does not > > > trigger the same crash. > > > > I see. > > > > Another thing that bothers me. These keys are USB HIDs, right? Is it safe > > enough to let browser access USB bus (USB keyboard is HID and people > > can type different things on it). > > > > Well, that part of it is a completely different animal. It's probably worth > a separate discussion about how the protocol works. You are suggesting that > this couldn't even be made to work in a secure fashion, and I'm not going > to disagree with you. >
