On Tue, 8 Aug 2006, J.J. Garcia wrote:
First, this Motorola has a USB interface to the host, it's quite simple to attach the phone to the host running CentOS, I don't like very much USB 'things' but things are like this... anyway, if you do so
Then, in /dev you will have:
[root@spoolbox crash]# l /dev/ttyACM0
crw------- 1 root root 166, 0 ago 8 20:54 /dev/ttyACM0
Yes - USB devices are nasty, and the PPPD has to manage serial devices as root.
Pretty definitionally, one has to have physical access to a host to plug a USB device into it -- the site admin (at least in the BIOSes I have deployed commercially) can, but may not have chosen to, disable USB devices, non-hard drive boot devices, etc., and so a local (mis)configuration may result in escalated privs.
Of course the admin may not have put a cable lock through the Kensington lock port, or an end user could bash in a plastic dress plate to pull out a HD and mount it on a nearby box with a live CD, even if the admin did.
Remote roots are interesting; local accounts escalation less so; physically available hosts not so much.
It was a fun report to see, and I would encourage upstreaming it to Red Hat.
- Russ Herrold