Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753463AbbGAJGd (ORCPT ); Wed, 1 Jul 2015 05:06:33 -0400 Received: from mx1.redhat.com ([209.132.183.28]:36460 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752837AbbGAJGY (ORCPT ); Wed, 1 Jul 2015 05:06:24 -0400 Date: Wed, 1 Jul 2015 10:06:19 +0100 From: "Daniel P. Berrange" To: Jeremy White Cc: hdegoede@redhat.com, spice-devel@lists.freedesktop.org, linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [Spice-devel] [RFC PATCH 1/1] Add a usbredir kernel module to remotely connect USB devices over IP. Message-ID: <20150701090619.GB16822@redhat.com> Reply-To: "Daniel P. Berrange" References: <1435700650-640-1-git-send-email-jwhite@codeweavers.com> <1435700650-640-2-git-send-email-jwhite@codeweavers.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <1435700650-640-2-git-send-email-jwhite@codeweavers.com> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 3590 Lines: 86 On Tue, Jun 30, 2015 at 04:44:10PM -0500, Jeremy White wrote: > This module uses the usbredir protocol and user space tools, > which are used by the SPICE project. > > Signed-off-by: Jeremy White [snip] > diff --git a/drivers/usb/usbredir/Kconfig b/drivers/usb/usbredir/Kconfig > new file mode 100644 > index 0000000..284fd02 > --- /dev/null > +++ b/drivers/usb/usbredir/Kconfig > @@ -0,0 +1,25 @@ > +config USBREDIR > + tristate "USBREDIR support" > + depends on USB && NET > + ---help--- > + This enables connecting a remote USB device over IP using > + the USBREDIR protocol. This module provides a sysfs attach > + interface which, if given a socket connected to a remote > + usbredirserver, will enable the remote device to behave as > + though it were connected to the system running this module. > + > + For more information and user space tools, refer to the > + USBREDIR project, which can be found at > + http://www.spice-space.org/page/UsbRedir. [snip] > new file mode 100644 > index 0000000..217a2e4 > --- /dev/null > +++ b/drivers/usb/usbredir/README > @@ -0,0 +1,20 @@ > +USB Redirection Kernel Module > + > +This module allows a Linux system to instatiate USB devices > +that are located on a remote device. The USB data is transferred > +over a socket using the USBREDIR protocol, which is generally > +used in conjunction with the SPICE project. > + > +You will need the USBREDIR user space tools. They can > +be found at http://www.spice-space.org/page/UsbRedir. > + > +To use, start the usbredirserver on a remote system. > +For example, > + ./usbredirserver --port 4000 125f:db8a > +will export my ADATA thumb drive on the remote system. > + > +Next, on the local system, connect a socket and relay that to > +the kernel module. The connectkernel utility will do this as follows: > + ./connectkernel adata4000 my.remote.device.com 4000 > + > +The device should attach and be usable on the local system. What is the security story here ? If I am understanding correctly, you have a userspace helper which opens a socket, and does a connect() to establish the connection to the remote system, and then tells the kernel to use the file descriptor associated with the socket. Assuming that's correct, then this seems to imply that the socket has raw plain text data being sent/received, and thus precludes the possibility of running any security protocol like TLS unless the kernel wants to have an impl of the TLS protocol. I don't really think it is sensible to be defining & implementing new network services which can't support strong encryption and authentication. Rather than passing the file descriptor to the kernel and having it do the I/O directly, I think it would be better to dissassociate the kernel from the network transport, and thus leave all sockets layer data I/O to userspace daemons so they can layer in TLS or SASL or whatever else is appropriate for the security need. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/