My fear was that by using the setuid that maybe remote clients could enter the
webserver and get access to my hardware. Now I have studied it a bit better and
understand this is not a risk.
From a web client I can now read and write the digital IOs.
Nevertheless the whole thing with webservers and security is pretty new to me
so I will have to build up a bit more knowledge on this.
Interesting stuff though.
Thanks a lot for your help!
Frank
--- In "Russell N. Nelson - rnnelson" <>
wrote:
>
> Why would you see security warnings? You don't even need a wrapper. If you
> write your program carefully, you can setuid it and it can be run by anyone,
> including the webserver.
> ________________________________________
> From: on behalf of
> frankvd99
> Sent: Thursday, January 13, 2011 5:31 PM
> To:
> Subject: [ts-7000] Re: TS7500 DIO control while user is not root
>
> I've studied your advice Jim,
> I'm trying to control my application from a webserver. If I see all kinds of
> security warnings then this is not the thing that I want to do.
>
> Frank
>
>
> --- In Jim Jackson <jj@> wrote:
> >
> >
> >
> >
> > On Thu, 13 Jan 2011, frankvd99 wrote:
> >
> > > Hi Jonatan, Jim,
> > > Thanks for your feedback.
> > >
> > > I've tried to do a chmod 666 on /dev/mem but that still does not solve
> > > the problem. Also when I reboot the system the properties are set back to
> > > 600
> >
> > ... I'm not surprised.
> >
> > > I find conflicting information when I google around on this topic. Some
> > > are saying /dev/mem will give access to the memory from the user space.
> > > Others are saying you need to create a driver to get access to it.
> > >
> > > To me it is strange that there are several examples from Technologic
> > > Systems available but there is never a notice that you should run it as
> > > root. ftp://ftp.embeddedarm.com/ts-arm-sbc/ts-7500-linux/samples/dio.c
> >
> > Probably they assume their users have sufficient Linux knowledge
> >
> > > Are there other users of the TS7500 board who have different properties
> > > for /dev/mem? I've downloaded and installed debian linux from the
> > > Technologic FTP site a few weeks ago. Apart from some network settings I
> > > did not change a lot yet.
> >
> > You seem to have completely ignored my advice about using a setuid wrapper
> > program. Seems you can't help some people <shrug>.
> >
> > >
> > > --- In Jim Jackson <jj@> wrote:
> > > >
> > > >
> > > >
> > > >
> > > > On Thu, 13 Jan 2011, frankvd99 wrote:
> > > >
> > > > > I have a TS7500 board and trying to control the digital IO lines from
> > > > > Debian-linux on the sd-card.
> > > > >
> > > > > When running the script below as user "root" it works fine. When doing
> > > > > the same thing as user eclipse (or any other user) I get below
> > > > > message.
> > > > >
> > > > >
> > > > > #!/bin/sh
> > > > > . /initrd/ts7500.subr
> > > > > #
> > > > > echo "IO value of pin 5:"
> > > > > getdiopin 5
> > > > > #
> > > > >
> > > > > Response when user root:
> > > > > IO value of pin 5:
> > > > > 1
> > > > >
> > > > > Response when user eclipse:
> > > > > ts7500ctl: ts7500ctl.c: 771 main: Assertion 'dev/mem !=-1' failed
> > > > >
> > > > > I've traced this back to the ts7500ctl.c file which is trying to open
> > > > > /dev/mem, which is not allowed.
> > > > >
> > > > > Is there another way I can get this done? My goal is to run TS7500
> > > > > digital IO control from a CGI script in the Apache webserver. Apache
> > > > > does
> > > > > not allow you to run it as root, so that is not a workaround.
> > > >
> > > > You need a setuid program - see [1] for an overview of permissions. I
> > > > believe you are not supposed to make scripts setuid, because of a
> > > > possible
> > > > security hole, so you probably need a program "wrapper" for your
> > > > script[2].
> > > >
> > > > Jim
> > > >
> > > > [1] http://www.zzee.com/solutions/linux-permissions.shtml
> > > > [2] http://www.tuxation.com/setuid-on-shell-scripts.html
> > > >
> > >
> > >
> > >
> >
>
>
>
>
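The setuid wrapper discussed in this thread, written "carefully" in the sense Russell describes, as an added example that is not code from the thread or from Technologic Systems. The helper script path, the pin range and the install mode are assumptions made for illustration.

```c
/* diopin.c - added example: setuid-root wrapper a CGI script can call to
 * read one DIO pin. Assumed install: owner root, mode 4755. */
#include <stdio.h>
#include <unistd.h>

/* Hypothetical root-owned script that sources /initrd/ts7500.subr and
 * runs "getdiopin $1"; it must not be writable by any other user. */
#define HELPER  "/usr/local/sbin/getdio.sh"
#define MAX_PIN 63                      /* assumed upper bound for pin numbers */

/* Strict parse: decimal digits only, no sign, whitespace or shell
 * metacharacters, value within 0..MAX_PIN. Returns the pin or -1. */
int parse_pin(const char *s)
{
    if (s == NULL || *s == '\0')
        return -1;
    int v = 0;
    for (const char *p = s; *p; p++) {
        if (*p < '0' || *p > '9')
            return -1;
        v = v * 10 + (*p - '0');
        if (v > MAX_PIN)                /* also stops overflow on long input */
            return -1;
    }
    return v;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: diopin <pin>\n"); return 2; }
    int pin = parse_pin(argv[1]);
    if (pin < 0) { fprintf(stderr, "invalid pin\n"); return 2; }

    /* Set the real ids too, so the shell does not drop the effective uid. */
    if (setgid(0) != 0 || setuid(0) != 0) { perror("setuid"); return 1; }

    /* Fixed environment: the caller's PATH, IFS, LD_*, ENV never reach sh. */
    char *envp[] = { "PATH=/sbin:/bin:/usr/sbin:/usr/bin", "IFS= \t\n", NULL };

    char pinbuf[8];
    snprintf(pinbuf, sizeof pinbuf, "%d", pin);  /* pass the validated value */
    char *args[] = { HELPER, pinbuf, NULL };
    execve(HELPER, args, envp);         /* absolute path, no shell parsing */
    perror("execve");
    return 1;
}
```

The wrapper exposes exactly one operation (read a pin in range) to unprivileged callers such as the webserver user; /dev/mem keeps its default 600 permissions.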