Using inb() and outb()
I have nanoBSD running a hardware control application. To do this, I need inb() and outb() functions. I an do this as root. However, it is better if none of the control system is run as root. How do I allow these functions to one specific user? Tom Dean ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Using inb() and outb()
From owner-freebsd-questi...@freebsd.org Tue May 22 15:18:43 2012 Date: Tue, 22 May 2012 13:13:35 -0700 From: Thomas D. Dean tomd...@speakeasy.org To: freebsd-questions@freebsd.org Subject: Using inb() and outb() I have nanoBSD running a hardware control application. To do this, I need inb() and outb() functions. I an do this as root. However, it is better if none of the control system is run as root. How do I allow these functions to one specific user? To do that, you would have to re-build a significant portion of the security controls of the O/S. Good luck. 'regular' users are simply -not- allowed to acces hardware I/O ports directly. Only the 'superuser' can do that. Thus, to use inb()/outb() the application must be running with EUID 0. No other options. If you don't want the application to run as root, The only other option is to write an actual 'device driver' -- which would execute as part of the kernel -- that provides the required functionality to the app, and does the actual hardware port IN/OUT operations iself, inside the driver. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Using inb() and outb()
On 05/22/12 14:08, Robert Bonomi wrote: That is what I thought. The entire operation will have to run as root. Nothing will be non-root. Don't like that, but, it is nanoBSD and hardware control Tom Dean ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Using inb() and outb()
On 22 May 2012 14:25, Thomas D. Dean tomd...@speakeasy.org wrote: On 05/22/12 14:08, Robert Bonomi wrote: That is what I thought. The entire operation will have to run as root. Nothing will be non-root. Can you make a SUID helper which only does the inb/outb operations as root? -- Eitan Adler ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Using inb() and outb()
On 05/22/12 17:09, Eitan Adler wrote: On 22 May 2012 14:25, Thomas D. Deantomd...@speakeasy.org wrote: On 05/22/12 14:08, Robert Bonomi wrote: That is what I thought. The entire operation will have to run as root. Nothing will be non-root. Can you make a SUID helper which only does the inb/outb operations as root? I am planing to move the higher level functions to a driver. I really want a userland interface to the process. Tom Dean ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Using inb() and outb()
From owner-freebsd-questi...@freebsd.org Tue May 22 21:30:21 2012 Date: Tue, 22 May 2012 19:27:44 -0700 From: Thomas D. Dean tomd...@speakeasy.org To: freebsd-questions@freebsd.org Subject: Re: Using inb() and outb() On 05/22/12 17:09, Eitan Adler wrote: On 22 May 2012 14:25, Thomas D. Deantomd...@speakeasy.org wrote: On 05/22/12 14:08, Robert Bonomi wrote: That is what I thought. The entire operation will have to run as root. Nothing will be non-root. Can you make a SUID helper which only does the inb/outb operations as root? I am planing to move the higher level functions to a driver. I really want a userland interface to the process. It just occured to me -- you could do a 'daemon' process that ran as the superuser, and provided the hardware-level services to a non-root client via, say, RPC, or a bare 'socket' ('unix' or 'ip') connection. Doing the I/O via RPC would be 'interesting', in that the 'device' could be physically connected to one machine (almost an 'embedded'-class micro- controller), while the vast majority of the 'control progrm' could run on an entirely different machine. If you're up to doing the device-driver coding, it is a =better= solution, because then you can use the filesystem access-control mechanisms to limit access to the 'device'. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Using inb() and outb()
On 05/22/12 19:53, Robert Bonomi wrote: I implemented a RPC system at SLAC - actually got RPC numbers from Sun! But, it is slow. Unless it is located far away (two miles at SLAC), it is much faster to do it with a driver, etc. Tom Dean ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org