Urs Thuermann wrote: > Patrick McHardy <[EMAIL PROTECTED]> writes: >> >>>+config CAN_RAW_USER >>>+ bool "Allow non-root users to access Raw CAN Protocol sockets" >> >> >>If you plan to remove this option, it should happen before merging >>since it affects userspace visible behaviour. > > > We have discussed this and have come to the conclusion that we should > remove permission checks completely, i.e. any user can open any CAN > socket (raw, bcm, or whatever will be implemented in the future). > This is because CAN is a pure broadcast network with no addresses. > CAN frames can't be directed to only one machine or a group or to only > one process (say one port). There is no communication between only > two (or some number) of stations which must be protected from other > stations. > > On the other hand, requiring a process to have CAP_NET_RAW to open a > CAN socket would mean that such process would also be able to sniff on > your ethernet or WLAN interfaces, which one probably wouldn't want. > > We have added that check when we still allowed the CAN raw socket to > bind to any interface and we didn't want an unprivileged process to be > able to read all e.g. TCP/IP traffic. Now binding is restricted to > ARPHRD_CAN interfaces. But even without this restriction the check is > not necessary, since all CAN sockets can only receive and send > ETH_P_CAN packets. So even if there would be an encapsulation of CAN > frames over ethernet or some other type of network, a normal user > process opening a CAN socket would only be able to read/write CAN > traffic, which should be OK without any special capability. > > So what do you think about this?
I believe that should be fine. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
