On Sat, 17/11/2018 at 18.12 +0100, Guido Trentalancia wrote:
> On Sat, 17/11/2018 at 17.50 +0100, Stefan Brüns wrote:
> > On Saturday, 17 November 2018 17:37:39 CET Guido Trentalancia
> > wrote:
> > > Bug #1329 has now been opened:
> > > 
> > > https://sigrok.org/bugzilla/show_bug.cgi?id=1329
> > > 
> > > Anyone can test the current udev rule that you wrote and easily
> > > realize that it triggers the bug, as explained in the bug report
> > > and in this thread.
> > > 
> > > It leads to *device opening failures*, therefore users are not
> > > able to use sigrok and libsigrok!
> > Your patch removes any access control to the devices. This can be
> > a significant security problem, as the rules also cover other
> > devices connected using usb-serial converters, like braille devices.
> 
> There is no security concern, as explained in the bug report.
> 
> The devices do not contain sensitive information and all information
> (mostly traces) is completely decontextualized, therefore completely
> unintelligible and unusable to an unauthorized third party.
> 
> The general-purpose rules are *only effective with devices used by
> sigrok* and marked with ID_SIGROK = 1.

Not to mention the fact that relying on "security" provided by udev is
the wrong approach to security!

There are dedicated security frameworks such as SELinux that people
should rely on instead!

A false sense of security is worse than no security at all.


_______________________________________________
sigrok-devel mailing list
sigrok-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sigrok-devel
