StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POPrivilege Escalation in Web Environment for File Access
text
Body
copied!<p>I have a situation where I would like to elevate the permissions I have in a web environment so that I can access a serial device. </p> <p>The specific case is where I have a web interface for configuring a modem that comes up on <code>/dev/ttyUSB[0-9]</code>. </p> <p>Zero or more modems will be plugged in by an end user. I am writing some software that is capable of discerning which is a USB Wireless Modem by reading <code>/sys/devices</code> and talking to the modem using some AT commands.</p> <p>I would like to be able to open the device and do something like:</p> <pre><code>ser = serial.Serial(tty, baudrate=115200, timeout=10) ser.write('AT+CGSN\r\n') imei = ser.readline() </code></pre> <p>The problem is that <code>pyserial</code> does this: <code>self.fd = os.open(self.portstr, os.O_RDWR|os.O_NOCTTY|os.O_NONBLOCK)</code> to open the serial port, where portstr is <code>/dev/ttyUSB0</code>, but it does it as the <code>nobody</code> user, which is unprivileged.</p> <p>Serial ports on this system are owned by root:uucp and are set as 0660 (i.e. <code>rw-rw----</code>).</p> <p>What is the best way for a user such as <code>nobody</code> who should have as few permissions as possible to open a file in dev?</p> <p>Ideas I will consider:</p> <ul> <li>Doing things in a subprocess using <code>sudo</code>.</li> <li>Changing permissions of the files in <code>/dev/</code> (instructions on how to do this properly using udev are appreciated!)</li> <li>Using another API or piece of software I have not considered.</li> </ul>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload