Re: Using inb() and outb()

2012-05-22 Thread Robert Bonomi
> From owner-freebsd-questi...@freebsd.org  Tue May 22 15:18:43 2012
> Date: Tue, 22 May 2012 13:13:35 -0700
> From: Thomas D. Dean tomd...@speakeasy.org
> To: freebsd-questions@freebsd.org
> Subject: Using inb() and outb()
>
> I have nanoBSD running a hardware control application.
>
> To do this, I need inb() and outb() functions.
>
> I can do this as root.  However, it is better if none of the control
> system is run as root.
>
> How do I allow these functions to one specific user?

To do that, you would have to re-build a significant portion of the 
security controls of the O/S.   Good luck.

'regular' users are simply -not- allowed to access hardware I/O ports
directly.  Only the 'superuser' can do that.  Thus, to use inb()/outb()
the application must be running with EUID 0.  No other options.

If you don't want the application to run as root, the only other option
is to write an actual 'device driver' -- which would execute as part of
the kernel -- that provides the required functionality to the app, and
does the actual hardware port IN/OUT operations itself, inside the driver.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Using inb() and outb()

2012-05-22 Thread Thomas D. Dean

On 05/22/12 14:08, Robert Bonomi wrote:

That is what I thought.

The entire operation will have to run as root.  Nothing will be non-root.

Don't like that, but, it is nanoBSD and hardware control

Tom Dean


Re: Using inb() and outb()

2012-05-22 Thread Eitan Adler
On 22 May 2012 14:25, Thomas D. Dean tomd...@speakeasy.org wrote:
> On 05/22/12 14:08, Robert Bonomi wrote:
>
> That is what I thought.
>
> The entire operation will have to run as root.  Nothing will be non-root.

Can you make a SUID helper which only does the inb/outb operations as root?

-- 
Eitan Adler


Re: Using inb() and outb()

2012-05-22 Thread Thomas D. Dean

On 05/22/12 17:09, Eitan Adler wrote:

> On 22 May 2012 14:25, Thomas D. Dean tomd...@speakeasy.org wrote:
> > On 05/22/12 14:08, Robert Bonomi wrote:
> >
> > That is what I thought.
> >
> > The entire operation will have to run as root.  Nothing will be non-root.
>
> Can you make a SUID helper which only does the inb/outb operations as root?



I am planning to move the higher level functions to a driver.

I really want a userland interface to the process.

Tom Dean


Re: Using inb() and outb()

2012-05-22 Thread Robert Bonomi
> From owner-freebsd-questi...@freebsd.org  Tue May 22 21:30:21 2012
> Date: Tue, 22 May 2012 19:27:44 -0700
> From: Thomas D. Dean tomd...@speakeasy.org
> To: freebsd-questions@freebsd.org
> Subject: Re: Using inb() and outb()
>
> On 05/22/12 17:09, Eitan Adler wrote:
> > On 22 May 2012 14:25, Thomas D. Dean tomd...@speakeasy.org wrote:
> > > On 05/22/12 14:08, Robert Bonomi wrote:
> > >
> > > That is what I thought.
> > >
> > > The entire operation will have to run as root.  Nothing will be non-root.
> >
> > Can you make a SUID helper which only does the inb/outb operations as root?
> >
>
> I am planning to move the higher level functions to a driver.
>
> I really want a userland interface to the process.

It just occurred to me -- you could do a 'daemon' process that ran as the
superuser, and provided the hardware-level services to a non-root client
via, say, RPC, or a bare 'socket' ('unix' or 'ip') connection.

Doing the I/O via RPC would be 'interesting', in that the 'device' could
be physically connected to one machine (almost an 'embedded'-class
micro-controller), while the vast majority of the 'control program' could
run on an entirely different machine.

If you're up to doing the device-driver coding, it is a =better= solution,
because then you can use the filesystem access-control mechanisms to limit
access to the 'device'. 
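
An added example, not code from any poster in this thread, of the request check a root daemon like the one suggested above would apply before touching a port: it serves only the configured client UID and only the device's own port range, so the daemon does not become a general port-access service for any local user. The wire format, the `policy` struct and the simulated port array are assumptions made so the code runs unprivileged.

```c
#include <stddef.h>
#include <stdint.h>
#include <sys/types.h>

/* Assumed wire format (not from the thread):
 * request = {op, port_hi, port_lo, value}, reply = {status, value}. */
enum { OP_INB = 1, OP_OUTB = 2 };
enum { ST_OK = 0, ST_BADREQ = 1, ST_DENIED = 2 };

struct policy {
    uid_t    client_uid;  /* the one non-root user allowed to connect */
    uint16_t base;        /* first I/O port of the controlled device */
    uint16_t count;       /* number of consecutive ports it decodes */
};

/* Simulated port space so the example runs unprivileged on any OS. In the
 * real daemon these two functions would wrap inb()/outb() from
 * <machine/cpufunc.h>, with /dev/io opened by root at startup. */
static uint8_t sim_ports[65536];
static uint8_t port_read(uint16_t port) { return sim_ports[port]; }
static void port_write(uint16_t port, uint8_t v) { sim_ports[port] = v; }

/* Handle one request from a connected client. peer_uid must come from the
 * kernel (getpeereid() on the accepted unix socket), never from the message. */
int handle_request(const struct policy *p, uid_t peer_uid,
                   const uint8_t *req, size_t len, uint8_t reply[2])
{
    reply[0] = ST_BADREQ;
    reply[1] = 0;
    if (len != 4 || (req[0] != OP_INB && req[0] != OP_OUTB))
        return reply[0];

    uint16_t port = (uint16_t)((req[1] << 8) | req[2]);
    /* Subtract before comparing so base + count cannot wrap past 0xFFFF. */
    if (peer_uid != p->client_uid || port < p->base ||
        (uint16_t)(port - p->base) >= p->count)
        return reply[0] = ST_DENIED;

    if (req[0] == OP_INB)
        reply[1] = port_read(port);
    else
        port_write(port, req[3]);
    return reply[0] = ST_OK;
}
```

The same check applies unchanged to the SUID-helper variant raised earlier in the thread; only the way the caller's UID is obtained differs.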


Re: Using inb() and outb()

2012-05-22 Thread Thomas D. Dean

On 05/22/12 19:53, Robert Bonomi wrote:

I implemented an RPC system at SLAC - actually got RPC numbers from Sun!

But, it is slow.  Unless it is located far away (two miles at SLAC), it
is much faster to do it with a driver, etc.

Tom Dean