On 2020-07-14 12:58, Stuart Henderson wrote: > Known problem, there's no nice way around it though. The standard model > used on most OS of controlling many simpler USB devices from a low > privileged userland process does not work too well with the approach > in https://cvsweb.openbsd.org/src/etc/MAKEDEV.common#rev1.105 > > afaik the options for this are chmod, run as root, or write a driver that > works similar to fido(4) and modify the existing software that interfaces > with the device to use that instead (I guess for yk it will need a way to > hook into the keyboard driver too for the usual button-press keyboard > emulation otp mode).
One approach is to grant access to the user logged in at the console. Another approach is to write a userspace daemon that has permission to interact with the device, and which can handle access control itself. I prefer this approach, as it reduces the kernel’s attack surface. Sincerely, Demi
signature.asc
Description: OpenPGP digital signature