created | 2020-01-21T07:47:40Z |
---|---|
begin | 2019-12-17T08:01:36Z |
end | 2019-12-17T13:08:56Z |
path | src/sys |
commits | 3 |
date | 2019-12-17T13:08:54Z | |||
---|---|---|---|---|
author | reyk | |||
files | src/sys/arch/alpha/alpha/conf.c | log | diff | annotate |
src/sys/arch/alpha/conf/GENERIC | log | diff | annotate | |
src/sys/arch/amd64/amd64/conf.c | log | diff | annotate | |
src/sys/arch/amd64/conf/GENERIC | log | diff | annotate | |
src/sys/arch/arm64/conf/GENERIC | log | diff | annotate | |
src/sys/dev/hid/hid.h | log | diff | annotate | |
src/sys/dev/usb/fido.c | log | diff | annotate | |
src/sys/dev/usb/files.usb | log | diff | annotate | |
src/sys/dev/usb/uhid.c | log | diff | annotate | |
src/sys/dev/usb/uhid.h | log | diff | annotate | |
src/sys/sys/conf.h | log | diff | annotate | |
message |
Add fido(4), a HID driver for FIDO/U2F security keys
While FIDO/U2F keys were already supported by the generic uhid(4) driver, this driver adds the first step to tighten the security of FIDO/U2F access. Specifically, users don't need read/write access to all USB/HID devices anymore and the driver also improves integration with pledge(2) and unveil(2): It is pledge-friendly because it doesn't require any ioctls to discover the device and unveil-friendly because it uses a single /dev/fido/* directory for its device nodes.
It also allows to support FIDO/U2F in Firefox without further weakening the "sandbox" of the browser. Firefox does not have a proper privsep design and many operations, such as U2F access, are handled directly by the main process. This means that the browser's "fat" main process needs direct read/write access to all USB HID devices, at least on other operating systems. With fido(4) we can support security keys in Firefox under OpenBSD without such a compromise.
With this change, libfido2 stops using the ioctl to query the device vendor/product and just assumes "OpenBSD" "fido(4)" instead. The ioctl is still supported but there was no benefit in obtaining the vendor product or name; it also allows to use libfido2 under pledge.
With feedback from deraadt@ and many others
OK kettenis@ djm@ and jmc@ for the manpage bits |
date | 2019-12-17T13:08:55Z | |||
---|---|---|---|---|
author | reyk | |||
files | src/sys/arch/arm/arm/conf.c | log | diff | annotate |
src/sys/arch/arm64/arm64/conf.c | log | diff | annotate | |
src/sys/arch/armv7/conf/GENERIC | log | diff | annotate | |
src/sys/arch/hppa/conf/GENERIC | log | diff | annotate | |
src/sys/arch/hppa/hppa/conf.c | log | diff | annotate | |
src/sys/arch/i386/conf/GENERIC | log | diff | annotate | |
src/sys/arch/i386/i386/conf.c | log | diff | annotate | |
src/sys/arch/landisk/conf/GENERIC | log | diff | annotate | |
src/sys/arch/landisk/landisk/conf.c | log | diff | annotate | |
src/sys/arch/loongson/conf/GENERIC | log | diff | annotate | |
message |
Add fido(4), a HID driver for FIDO/U2F security keys
While FIDO/U2F keys were already supported by the generic uhid(4) driver, this driver adds the first step to tighten the security of FIDO/U2F access. Specifically, users don't need read/write access to all USB/HID devices anymore and the driver also improves integration with pledge(2) and unveil(2): It is pledge-friendly because it doesn't require any ioctls to discover the device and unveil-friendly because it uses a single /dev/fido/* directory for its device nodes.
It also allows to support FIDO/U2F in Firefox without further weakening the "sandbox" of the browser. Firefox does not have a proper privsep design and many operations, such as U2F access, are handled directly by the main process. This means that the browser's "fat" main process needs direct read/write access to all USB HID devices, at least on other operating systems. With fido(4) we can support security keys in Firefox under OpenBSD without such a compromise.
With this change, libfido2 stops using the ioctl to query the device vendor/product and just assumes "OpenBSD" "fido(4)" instead. The ioctl is still supported but there was no benefit in obtaining the vendor product or name; it also allows to use libfido2 under pledge.
With feedback from deraadt@ and many others
OK kettenis@ djm@ and jmc@ for the manpage bits |
date | 2019-12-17T13:08:56Z | |||
---|---|---|---|---|
author | reyk | |||
files | src/sys/arch/loongson/loongson/conf.c | log | diff | annotate |
src/sys/arch/macppc/conf/GENERIC | log | diff | annotate | |
src/sys/arch/macppc/macppc/conf.c | log | diff | annotate | |
src/sys/arch/octeon/conf/GENERIC | log | diff | annotate | |
src/sys/arch/octeon/octeon/conf.c | log | diff | annotate | |
src/sys/arch/sgi/conf/GENERIC-IP27 | log | diff | annotate | |
src/sys/arch/sgi/conf/GENERIC-IP30 | log | diff | annotate | |
src/sys/arch/sgi/conf/GENERIC-IP32 | log | diff | annotate | |
src/sys/arch/sgi/sgi/conf.c | log | diff | annotate | |
src/sys/arch/sparc64/conf/GENERIC | log | diff | annotate | |
src/sys/arch/sparc64/sparc64/conf.c | log | diff | annotate | |
message |
Add fido(4), a HID driver for FIDO/U2F security keys
While FIDO/U2F keys were already supported by the generic uhid(4) driver, this driver adds the first step to tighten the security of FIDO/U2F access. Specifically, users don't need read/write access to all USB/HID devices anymore and the driver also improves integration with pledge(2) and unveil(2): It is pledge-friendly because it doesn't require any ioctls to discover the device and unveil-friendly because it uses a single /dev/fido/* directory for its device nodes.
It also allows to support FIDO/U2F in Firefox without further weakening the "sandbox" of the browser. Firefox does not have a proper privsep design and many operations, such as U2F access, are handled directly by the main process. This means that the browser's "fat" main process needs direct read/write access to all USB HID devices, at least on other operating systems. With fido(4) we can support security keys in Firefox under OpenBSD without such a compromise.
With this change, libfido2 stops using the ioctl to query the device vendor/product and just assumes "OpenBSD" "fido(4)" instead. The ioctl is still supported but there was no benefit in obtaining the vendor product or name; it also allows to use libfido2 under pledge.
With feedback from deraadt@ and many others
OK kettenis@ djm@ and jmc@ for the manpage bits |