linux-spi.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [Query] Looking for comments on CONFIG_SPI_SPIDEV and CONFIG_I2C_CHARDEV interfaces security
@ 2022-05-31 15:25 Prasad Sodagudi
  2022-05-31 15:41 ` Mark Brown
  0 siblings, 1 reply; 2+ messages in thread
From: Prasad Sodagudi @ 2022-05-31 15:25 UTC (permalink / raw)
  To: linux-spi, linux-i2c, broonie, wsa; +Cc: linux-kernel

Hi All,

I am working on an IoT solution and would like to understand security 
impact of these two CONFIG_SPI_SPIDEV and CONFIG_I2C_CHARDEV interfaces 
of Linux. If a driver is developed from userspace for  /dev/spiX.Y or 
/dev/i2c interfaces,  are there any security concerns ?

Userspace driver is to control external SPI slave on board. I heard that 
these interfaces allows access to any of these type of devices on board. 
  How to avoid accessing any of these type of unwanted device access 
from userspace ?  Can Selinux or any mechanism control access to other 
these type of devices from user-space ?

Please share your comments/findings on these two interfaces related to 
security. If community had posted any security related discussions with 
these interfaces, please share details to improve understanding.

-Thanks, Prasad

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [Query] Looking for comments on CONFIG_SPI_SPIDEV and CONFIG_I2C_CHARDEV interfaces security
  2022-05-31 15:25 [Query] Looking for comments on CONFIG_SPI_SPIDEV and CONFIG_I2C_CHARDEV interfaces security Prasad Sodagudi
@ 2022-05-31 15:41 ` Mark Brown
  0 siblings, 0 replies; 2+ messages in thread
From: Mark Brown @ 2022-05-31 15:41 UTC (permalink / raw)
  To: Prasad Sodagudi; +Cc: linux-spi, linux-i2c, wsa, linux-kernel

[-- Attachment #1: Type: text/plain, Size: 1216 bytes --]

On Tue, May 31, 2022 at 08:25:26AM -0700, Prasad Sodagudi wrote:

> I am working on an IoT solution and would like to understand security impact
> of these two CONFIG_SPI_SPIDEV and CONFIG_I2C_CHARDEV interfaces of Linux.
> If a driver is developed from userspace for  /dev/spiX.Y or /dev/i2c
> interfaces,  are there any security concerns ?

Well, you have to ensure that only userspace processes that you
want to have access to the spidev and I2C interfaces actually
have access to them which is something that could go wrong.  For
I2C you IIRC don't have a mechanism to partition devices between
different users since it all goes through /dev/i2c rather than
per device userspace devices.

> Userspace driver is to control external SPI slave on board. I heard that
> these interfaces allows access to any of these type of devices on board.
> How to avoid accessing any of these type of unwanted device access from
> userspace ?  Can Selinux or any mechanism control access to other these type
> of devices from user-space ?

You can use all the usual permission mechanisms to control access
to devices (probably using udev to set up permissions when things
are instantiated).  I'd expect this to include SELinux.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2022-05-31 15:41 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-31 15:25 [Query] Looking for comments on CONFIG_SPI_SPIDEV and CONFIG_I2C_CHARDEV interfaces security Prasad Sodagudi
2022-05-31 15:41 ` Mark Brown

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).