qmi-proxy running as non-root user
Ben Chan
benchan at chromium.org
Mon Jan 13 10:54:03 PST 2014
Hi Aleksander,
qmi-proxy is currently expected to run as root. IIUC, that's enforced by
incoming_cb and qmi_proxy_new in qmi-proxy.c. I guess it's a security
measure to prevent any arbitrary client application to access the QMI port
via qmi-proxy, unless it has root privilege.
The implication of this approach is that both qmi-proxy and ModemManager
need to run as root, which may not be ideal in some scenarios. For example,
I'm trying to run ModemManager in a sandboxed environment (i.e. non-root,
with limited access to only tty/usb devices, e.g. /dev/cdc-wdm0, associated
with modems).
I'm wondering if libqmi can provide a build time option to disable the root
privilege check in qmi-proxy. Alternatively, qmi-proxy can simply rely on
the file permissions to control the access to /dev/cdc-wdm*, and accept a
client process that can access /dev/cdc-wdm*. The rationale is that if a
client process can access /dev/cdc-wdm*, it can just bypass qmi-proxy.
How do you think?
Thanks,
Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/libqmi-devel/attachments/20140113/4b13ea17/attachment.html>
More information about the libqmi-devel
mailing list