Theo de Raadt wrote:
> +Beware this may allow the user unintended access to other hardware
> +associated to the same usb(4) controller, so do this with extreme
> +caution.
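Review bot: "extreme caution" in the last added line gives the administrator nothing concrete to act on; state the check instead, for example that no other device is attached to the same usb(4) controller before access is granted. In the second added line, "associated to" should read "associated with".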
>
> Can you explain what extreme caution means?
More than one piece of hardware can be attached to the same usb(4)
device. You can, for example, have a mouse and a NitroKey both hanging
from /dev/usb1.

According to the manpage at usb(4), there are commands that can break
the integrity of the bus over the usb interface.

In other words: if I allow somebody read/write access to /dev/usb1 so he
can use the NitroKey, he could mess with everything depending on
/dev/usb1, including hardware I didn't want him to have access to.

There are people using NitroKeys in headless multiuser systems so this
can be an issue. The administrator should do his best to ensure no USB
hardware is connected to the same usb(4) interface the NitroKey is using
if he wants to grant access to the NitroKey to one user but not to the
other USB devices.
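
An added example, not part of the original message or of the patch under review: a shell function an administrator could run before granting access to a /dev/usbN node, reporting every controller that carries more than one device. It assumes usbdevs(8) prints `Controller /dev/usbN:` headers followed by `addr NN: vendor:product Vendor, Product` lines; the function name and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Report usb(4) controllers with more than one attached device, so that
# read/write access to the controller node is not granted while other
# hardware shares it.
# Real use (assumed invocation): usbdevs | shared_controllers
shared_controllers() {
    awk '
        # Header line, e.g. "Controller /dev/usb1:"
        /^Controller / { ctl = $2; sub(/:$/, "", ctl); next }
        /^addr / {
            # The root hub belongs to the controller itself; skip it.
            if (tolower($0) ~ /root hub/) next
            count[ctl]++
            dev = $0
            sub(/^addr [0-9]+: /, "", dev)
            devs[ctl] = devs[ctl] "\n    " dev
        }
        END {
            for (c in count)
                if (count[c] > 1)
                    printf "%s: %d devices share this controller%s\n",
                        c, count[c], devs[c]
        }
    '
}

# Constructed sample listing (IDs and names are illustrative): a mouse
# and a NitroKey both on /dev/usb1, a single storage device on /dev/usb0.
SAMPLE='Controller /dev/usb0:
addr 01: 8086:0000 Intel, xHCI root hub
addr 02: 0781:5567 SanDisk, Cruzer Blade
Controller /dev/usb1:
addr 01: 8086:0000 Intel, EHCI root hub
addr 02: 046d:c077 Logitech, USB Optical Mouse
addr 03: 20a0:4108 Nitrokey, Nitrokey Pro'

printf '%s\n' "$SAMPLE" | shared_controllers
```

An empty report for the controller in question is the condition the message above asks the administrator to establish before changing permissions on its device node.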