NetBSD Problem Report #55349

From www@netbsd.org  Fri Jun  5 19:48:19 2020
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 0098C1A9219
	for <gnats-bugs@gnats.NetBSD.org>; Fri,  5 Jun 2020 19:48:18 +0000 (UTC)
Message-Id: <20200605194818.1ABA91A921E@mollari.NetBSD.org>
Date: Fri,  5 Jun 2020 19:48:17 +0000 (UTC)
From: cmhanson@eschatologist.net
Reply-To: cmhanson@eschatologist.net
To: gnats-bugs@NetBSD.org
Subject: ham/rtl-sdr should implement a role user or group for access control/security
X-Send-Pr-Version: www-1.0

>Number:         55349
>Category:       kern
>Synopsis:       /dev/ugen* requires root access, so packages like ham/rtl-sdr have to be run as root
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Fri Jun 05 19:50:00 +0000 2020
>Last-Modified:  Thu Oct 15 06:25:01 +0000 2020
>Originator:     Chris Hanson
>Release:        9.0_2020Q1
>Organization:
>Environment:
NetBSD core.eschatologist.net 9.0_STABLE NetBSD 9.0_STABLE (GENERIC) #2: Mon Jun  1 14:08:20 PDT 2020  cmh@core.eschatologist.net:/usr/obj/sys/arch/amd64/compile/GENERIC amd64

>Description:
Right now naively plugging in an SDR USB device, installing ham/rtl-sdr, and trying to use the tools from it results in no radio being found, because the radio devices (say /dev/ugen0*) get mode rw- for root only. A user has to su or sudo in order to run the tools, which is very bad security practice since the radio device is literally taking in data from the outside world.

>How-To-Repeat:

>Fix:
Access to radio devices could be gated on a specific user acocunt or on group membership.

For example, if the devices were owned by a “_radio” role user, the tools in ham/rtl-sdr could be made setuid to that user, so while any user could run them, they would run with reduced rather than expanded privileges, and still be able to access the radio.

Another potential fix would be to have the devices owned by a “_radio” role group, and require users to be added to that group if they wish to access the radios. Then the ham/rtl-sdr tools would run with that user’s privileges, but because that user is a member of the group they would still have access to the radios.

My instinctive preference is for a “_radio” role user, because it gives the least privilege to the tools interacting with the radio device. However, I haven’t analyzed what access to the rest of the system ham/rtl-sdr actually requires; for example, if it requires access to user configuration files, it may be onerous to require a user to figure out how to share those with the role user. Someone who knows the package better than I would have to make that call.

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: pkg-manager->kern-bug-people
Responsible-Changed-By: maya@NetBSD.org
Responsible-Changed-When: Tue, 13 Oct 2020 02:00:51 +0000
Responsible-Changed-Why:
Edited subject and category. pkgsrc can't fix this bug, as /dev/ugen* is root-only.


From: matthew green <mrg@eterna.com.au>
To: gnats-bugs@netbsd.org
Cc: kern-bug-people@netbsd.org, pkg-manager@netbsd.org,
    netbsd-bugs@netbsd.org, gnats-admin@netbsd.org, maya@NetBSD.org,
    cmhanson@eschatologist.net
Subject: re: kern/55349 (/dev/ugen* requires root access, so packages like ham/rtl-sdr have to be run as root)
Date: Thu, 15 Oct 2020 17:21:26 +1100

 they don't have to be run by root, you can adjust the permissions
 on /dev/ugen* to match your requirements.

 it's pretty annoying since the naming is not great, and you have
 to either hard code your kernel ugenN or hope they don't renumber.

 i run ups-nut-usb as 'nut' user/group, with those device nodes
 group 'nut' read-write.


 this is still a pain and we should be able to do better, but it
 doesn't have to mean running as root.


 .mrg.

>Unformatted:

Home	PR Database Search