Re: [PATCH 001/001] CHAR DRIVERS: a simple device to give daemonsa /sys-like interface

[Bob Smith]

Greg Kroah-Hartman wrote:
> > The proxy device nodes are application specific and need to be
> > created as needed by applications.
>
> But applications do not have the permissions in a system to create
> device nodes.  Nor should they need that permission.

Agreed.  But you need root permissions to install an application
and part of that installation can be setting up systemd files
that allocate resources at boot.   Also, some applications start
as root just so they can do this kind of allocation.  The app
can (and should) drop root privileges when it can.

> > Allocation of minor numbers is an issue but that is an issue that
> > is separate from the proxy module itself.
> How is it separate, it seems tied directly to it as something that must
> be handled properly.
It can, but does not need to be handled in the kernel. It could
be handled in user space.

>
>>> Also, no, setting the permissions like this is not ok for a real system,
>>> what is going to be in charge of setting the permissions on these random
>>> device nodes?
>> Again, compare proxy to a named pipe.  It is up the application
>> writer to decide who gets read and write access to its proxy
>> nodes.
>
> Ok, but to do so, you have to have root permissions to start with, which
> is generally not going to happen on sane systems.  Only allowing root
> access to this seems like a huge limitation.

As noted above, yes, root has to set it up and set the permissions,
but this is hardly unusual, is it?

thanks
Bob Smith

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/