[Bug 336704] New: user is not allowed to access cyberjack USB cardreader
https://bugzilla.novell.com/show_bug.cgi?id=336704 Summary: user is not allowed to access cyberjack USB cardreader Product: openSUSE 10.3 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: wolfgang@rosenauer.org QAContact: qa@suse.de Found By: --- A normal user has no access to the cyberjack USB cardreader: Bus 002 Device 002: ID 0c4b:0300 Reiner SCT Kartensysteme GmbH cyberJack pinpad(a) Hygiea:~ # ll /dev/bus/usb/002/002 crw-r--r-- 1 root root 189, 129 Oct 25 08:43 /dev/bus/usb/002/002 wolfi@Hygiea:~> LD_LIBRARY_PATH=/usr/lib64/readers strace cjgeldkarte 2>&1 | grep 002/002 open("/dev/bus/usb/002/002", O_RDWR) = -1 EACCES (Permission denied) open("/dev/bus/usb/002/002", O_RDONLY) = 5 open("/dev/bus/usb/002/002", O_RDWR) = -1 EACCES (Permission denied) open("/dev/bus/usb/002/002", O_RDONLY) = 4 open("/dev/bus/usb/002/002", O_RDWR) = -1 EACCES (Permission denied) open("/dev/bus/usb/002/002", O_RDONLY) = 5 open("/dev/bus/usb/002/002", O_RDWR) = -1 EACCES (Permission denied) open("/dev/bus/usb/002/002", O_RDONLY) = 4 open("/dev/bus/usb/002/002", O_RDWR) = -1 EACCES (Permission denied) open("/dev/bus/usb/002/002", O_RDONLY) = 5 open("/dev/bus/usb/002/002", O_RDWR) = -1 EACCES (Permission denied) open("/dev/bus/usb/002/002", O_RDONLY) = 4 open("/dev/bus/usb/002/002", O_RDWR) = -1 EACCES (Permission denied) open("/dev/bus/usb/002/002", O_RDONLY) = 5 open("/dev/bus/usb/002/002", O_RDWR) = -1 EACCES (Permission denied) open("/dev/bus/usb/002/002", O_RDONLY) = 4 open("/dev/bus/usb/002/002", O_RDWR) = -1 EACCES (Permission denied) open("/dev/bus/usb/002/002", O_RDONLY) = 4 In previous openSUSE versions access was granted (AFAIK) because of /etc/hal/fdi/policy/10osvendor/80-cyberjack.fdi -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=336704#c1 Ludwig Nussel <lnussel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lnussel@novell.com AssignedTo|security-team@suse.de |sbrabec@novell.com --- Comment #1 from Ludwig Nussel <lnussel@novell.com> 2007-10-25 06:54:25 MST --- this file is still part of ctapi-cyberjack, it doesn't match as the structure of how usb devices are represented in hal has changed. I was not aware that ctapi-cyberjack uses resmgr so I couldn't notify the maintainer. The file should look different anyways, directly merging resmgr.class isn't something I'd recommend a distro package to do. Anyways, reassigning to package maintainer. Stanislav see https://bugzilla.novell.com/show_bug.cgi?id=250659#c21 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=336704#c2 --- Comment #2 from Wolfgang Rosenauer <wolfgang@rosenauer.org> 2007-10-25 07:12:49 MST --- hmm, so: <device> <!-- REINER SCT cyberJack ecom_a USB --> <match key="info.bus" string="usb_device"> <match key="usb_device.vendor_id" int="0x0c4b"> <match key="usb_device.product_id" int="0x0400"> <append key="info.capabilities" type="strlist">usb</append> </match> </match> </match> </device> is the correct format? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=336704#c3 --- Comment #3 from Ludwig Nussel <lnussel@novell.com> 2007-10-25 08:06:41 MST --- There no rule to match for info.capabilities==usb in resmgr. The card reader should have it's own capabilities, that's something to be done for 11.0. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=336704#c4 Wolfgang Rosenauer <wolfgang@rosenauer.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |fixed_bs --- Comment #4 from Wolfgang Rosenauer <wolfgang@rosenauer.org> 2007-10-25 12:19:32 MST --- Thanks, FWIW, it's fixed in OBS security:chipcard/pcsc-cyberjack now. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=336704 User sbrabec@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=336704#c5 --- Comment #5 from Stanislav Brabec <sbrabec@novell.com> 2007-12-04 11:25:45 MST --- Updated for Factory. Yes, card readers, UPSes and other special devices should have its own capabilities. If there is any but for it or discussion, please add me to Cc:. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=336704 User sbrabec@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=336704#c6 Stanislav Brabec <sbrabec@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #6 from Stanislav Brabec <sbrabec@novell.com> 2007-12-04 11:26:17 MST --- Closing. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com