[systemd-devel] WebUSB

Lars Knudsen larsgk at gmail.com
Wed Jan 25 13:38:06 UTC 2017


On Fri, Jan 20, 2017 at 1:38 PM, Greg KH <gregkh at linuxfoundation.org> wrote:

> On Fri, Jan 20, 2017 at 01:18:12PM +0100, Lars Knudsen wrote:
> >     > The full device should be fine if it has a WebUSB interface (even in a
> >     > composite scenario)
> >
> >     Really?  You want to allow someone "raw" access to a composite device
> >     just because of one specific interface?
> >
> >
> > Ideally, I would only allow the browsers running in user space and only the
> > WebUSB interface.
> > - but would that even be possible on Linux? (now/future).
>
> I don't know how the browser ends up talking to the USB device in the
> first place.  Does it use libusb?  usbfs directly?  Something else?
> It all depends on how it is accessing the device for what is needed to
> properly set the permissions on it.
>
> > We should remember that devices with a WebUSB interface included were *made*
> > for user access (what else would be the point?).
>
> I agree, but you never know what type of crazy composite device people
> will create with this interface type.
>
> > Also: We *do* need a 'blanket' solution for these as manufacturers can't always
> > wait for the next time all planets align
> > and e.g. Ubuntu chooses to upgrade the rules.  Just fyi, last time I was in
> > similar discussions in the same lists, it took
> > some years for it to land in Ubuntu:
> > https://medium.com/@larsgk/web-enabling-legacy-devices-dc3ecb9400ed#.7l1hztlmi
>
> Nothing I can do about crazy/stupid distros that never want to update
> anything, all we can do is provide the solution and hope they wake up
> and take it.  Or users will end up moving to a distro that does provide
> the correct continuous update model (i.e. Fedora, openSUSE, Arch, etc.)
>

Actually - there could be a way that would make the process more 'evergreen'
- you may have already considered it but it came to me in a dream last night,
which I found quite magical (he he):

1. someone plugs in hardware with an unknown VID/PID but CDC capabilities
2. modemmanager does its magic probing and finds "this is not a modem"
3. the VID/PID (& more if needed) + findings is sent to a cloud db ...
4. if the VID/PID (& more) gets enough votes to be modem/non-modem/other?, it will be registered as such

every now and then, the DB is spread to e.g. CDN or the like to be picked
up by all installations...

next time someone plugs in the same hardware, it will already be known

(this process could probably be expanded to other hardware/udev/etc)

This way, there is no 'waiting until crazy/stupid distros update' and one
could compare the process to how e.g.
the system time is updated from a time server.

thoughts?

br
Lars



> thanks,
>
> greg k-h
>