Patrick McHardy <[EMAIL PROTECTED]> writes:

> Urs Thuermann wrote:
> > +config CAN_RAW_USER
> > + bool "Allow non-root users to access Raw CAN Protocol sockets"
>
> If you plan to remove this option, it should happen before merging
> since it affects userspace visible behaviour.
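Review bot: the CAN_RAW_USER bool, as quoted here, carries no `help` block and no `default`, so a user configuring the kernel has no statement of what enabling it grants (unprivileged access to raw CAN sockets) and no indication of which setting is the safer one. If the option stays, add a `help` block that names the security implication and an explicit `default`; if it goes, as the reply argues, drop the option and the permission check it gates in the same patch, so no merged revision ships an option whose userspace-visible behaviour is then removed.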
We have discussed this and have come to the conclusion that we should remove permission checks completely, i.e. any user can open any CAN socket (raw, bcm, or whatever will be implemented in the future).

This is because CAN is a pure broadcast network with no addresses. CAN frames can't be directed to only one machine or a group or to only one process (say one port). There is no communication between only two (or some number) of stations which must be protected from other stations.

On the other hand, requiring a process to have CAP_NET_RAW to open a CAN socket would mean that such a process would also be able to sniff on your ethernet or WLAN interfaces, which one probably wouldn't want.

We added that check when we still allowed the CAN raw socket to bind to any interface and we didn't want an unprivileged process to be able to read all e.g. TCP/IP traffic. Now binding is restricted to ARPHRD_CAN interfaces. But even without this restriction the check is not necessary, since all CAN sockets can only receive and send ETH_P_CAN packets. So even if there were an encapsulation of CAN frames over ethernet or some other type of network, a normal user process opening a CAN socket would only be able to read/write CAN traffic, which should be OK without any special capability.

So what do you think about this?

urs
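The two arguments in the mail above (bind is restricted to ARPHRD_CAN interfaces, and a CAN socket only ever sees ETH_P_CAN frames anyway) can be checked against a small model. The following is an added example, not the kernel's PF_CAN code and not from the thread: `model_can_bind`, `model_can_rcv` and `model_scenario` are hypothetical functions that mirror the rules as described, and the interfaces and frames they use are constructed inline. The ARPHRD_* and ETH_P_* values are the real Linux constants.

```c
/* Hypothetical model of the bind and receive rules described in the mail.
 * Added example; it is not the kernel's af_can / raw.c implementation.
 * Constants are the real Linux values so the model can be compared with it. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define ARPHRD_ETHER 1
#define ARPHRD_CAN   280
#define ETH_P_IP     0x0800
#define ETH_P_CAN    0x000C

struct model_dev   { int ifindex; int type; const char *name; };
struct model_sock  { int proto; int bound_ifindex; int delivered; };
struct model_frame { int ifindex; int proto; const char *what; };

/* bind(): when restrict_to_can is set (the current code) only ARPHRD_CAN
 * interfaces are accepted. There is no capability check in either mode. */
int model_can_bind(struct model_sock *sk, const struct model_dev *dev,
                   bool restrict_to_can)
{
    if (restrict_to_can && dev->type != ARPHRD_CAN)
        return -ENODEV;
    sk->bound_ifindex = dev->ifindex;
    return 0;
}

/* Receive path: a CAN socket is only ever handed frames of its own
 * protocol (ETH_P_CAN), and only from the interface it is bound to
 * (bound_ifindex 0 means "any interface"). */
bool model_can_rcv(struct model_sock *sk, const struct model_frame *f)
{
    if (f->proto != sk->proto)
        return false;
    if (sk->bound_ifindex && sk->bound_ifindex != f->ifindex)
        return false;
    sk->delivered++;
    return true;
}

/* Scenario: an unprivileged raw CAN socket first tries to bind to eth0,
 * falls back to can0 if that is refused, then three constructed frames
 * arrive. Returns the number of frames delivered; *bind_rc_eth receives
 * the result of the bind attempt on eth0. */
int model_scenario(bool restrict_to_can, int *bind_rc_eth)
{
    const struct model_dev eth0 = { 2, ARPHRD_ETHER, "eth0" };
    const struct model_dev can0 = { 3, ARPHRD_CAN,   "can0" };
    struct model_sock sk = { ETH_P_CAN, 0, 0 };
    const struct model_frame frames[] = {
        { 2, ETH_P_IP,  "TCP/IP on eth0" },            /* never visible */
        { 2, ETH_P_CAN, "CAN encapsulated on eth0" },  /* CAN traffic only */
        { 3, ETH_P_CAN, "CAN frame on can0" },
    };
    size_t i;

    *bind_rc_eth = model_can_bind(&sk, &eth0, restrict_to_can);
    if (*bind_rc_eth != 0)
        model_can_bind(&sk, &can0, restrict_to_can);

    for (i = 0; i < sizeof frames / sizeof frames[0]; i++) {
        bool seen = model_can_rcv(&sk, &frames[i]);
        printf("%-26s -> %s\n", frames[i].what, seen ? "delivered" : "dropped");
    }
    return sk.delivered;
}

int main(void)
{
    int rc;
    printf("with ARPHRD_CAN restriction:\n");
    printf("delivered: %d (bind to eth0 rc=%d)\n\n", model_scenario(true, &rc), rc);
    printf("without restriction:\n");
    printf("delivered: %d (bind to eth0 rc=%d)\n", model_scenario(false, &rc), rc);
    return 0;
}
```

In the restricted mode the bind to eth0 fails with -ENODEV and only the frame on can0 is delivered; with the restriction removed the socket does bind to eth0, but the protocol filter still drops the ETH_P_IP frame and the socket sees only the encapsulated CAN frame. Either way no TCP/IP traffic reaches the unprivileged CAN socket, which is the point the mail makes.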