I have developed a simple patch for raw1394 that I am just beginning to test that addresses the raw1394 security issue in a way completely different from Jody's proposal. One drawback to using many different device files is the impact of that change on the libraries and applications, which will take a long time to sort out and educate. Also, it does not address the fact that certain CSR address spaces are well-defined for specified applications and are safe to read/write.
My approach is to use Linux Capabilities to sandbox raw1394 operations. Things such as isochronous communications and asynchronous transactions against the well-defined address ranges (ConfigROM, IEC 61883-1 FCP and plug registers, IIDC) would be left as is and allow existing applications to work fine. Other operations would require CAP_SYS_RAWIO, except that some things like ARM and ConfigROM manipulation could be CAP_SYS_ADMIN.
What do you think? How does that deal with Stefan's issue #4? If it is not adequate, then nothing is because a protocol library in kernel space would just use the same addresses, just by proxy.
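As an added illustration (not the patch described in this message), a user-space C model of the capability gate it proposes: isochronous operations and asynchronous transactions that lie wholly inside the well-known CSR ranges (Config ROM, IEC 61883-1 plug registers, FCP frames) pass without privilege, ARM and local Config ROM changes need CAP_SYS_ADMIN, and everything else needs CAP_SYS_RAWIO. The capability bits, operation enum and range table are assumptions made for the model, and the IIDC registers are omitted because their base is located through the unit directory rather than at a fixed address.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Stand-ins for the kernel capability bits; not <linux/capability.h>. */
enum cap { CAP_NONE = 0, CAP_SYS_ADMIN_BIT = 1 << 0, CAP_SYS_RAWIO_BIT = 1 << 1 };

/* Assumed classification of raw1394 requests. */
enum op { OP_ISO, OP_ASYNC_READ, OP_ASYNC_WRITE, OP_ARM, OP_CONFIG_ROM_MODIFY, OP_OTHER };

struct range { uint64_t start; uint64_t end; }; /* inclusive bounds */

#define CSR_BASE 0xFFFFF0000000ULL /* IEEE 1394 initial register space */

/* Well-known, application-safe CSR windows (constructed table for the model). */
static const struct range safe_ranges[] = {
    { CSR_BASE + 0x400, CSR_BASE + 0x7FF }, /* Config ROM */
    { CSR_BASE + 0x900, CSR_BASE + 0x9FF }, /* IEC 61883-1 oMPR/oPCR/iMPR/iPCR */
    { CSR_BASE + 0xB00, CSR_BASE + 0xCFF }, /* FCP command frame */
    { CSR_BASE + 0xD00, CSR_BASE + 0xEFF }, /* FCP response frame */
};

/* True only if [addr, addr+len-1] sits entirely inside one safe window.
 * A request that straddles a window edge, or whose length overflows, is unsafe. */
bool in_safe_range(uint64_t addr, size_t len)
{
    if (len == 0)
        return false;
    uint64_t last = addr + (uint64_t)len - 1;
    if (last < addr) /* wrap-around */
        return false;
    for (size_t i = 0; i < sizeof safe_ranges / sizeof safe_ranges[0]; i++)
        if (addr >= safe_ranges[i].start && last <= safe_ranges[i].end)
            return true;
    return false;
}

/* Capability mask a request must hold; CAP_NONE means unprivileged is fine. */
int required_cap(enum op op, uint64_t addr, size_t len)
{
    switch (op) {
    case OP_ISO:               return CAP_NONE;
    case OP_ASYNC_READ:
    case OP_ASYNC_WRITE:       return in_safe_range(addr, len) ? CAP_NONE : CAP_SYS_RAWIO_BIT;
    case OP_ARM:
    case OP_CONFIG_ROM_MODIFY: return CAP_SYS_ADMIN_BIT;
    default:                   return CAP_SYS_RAWIO_BIT;
    }
}

/* The gate itself: held_caps is the caller's modelled capability mask. */
bool raw1394_allowed(enum op op, uint64_t addr, size_t len, int held_caps)
{
    int need = required_cap(op, addr, len);
    return (held_caps & need) == need;
}
```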