[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [gpsd-dev] PPS and privilege-dropping
|
From: |
Gary E. Miller |
|
Subject: |
Re: [gpsd-dev] PPS and privilege-dropping |
|
Date: |
Thu, 17 Oct 2013 11:29:35 -0700 |
Yo Eric!
On Thu, 17 Oct 2013 08:03:43 -0400 (EDT)
address@hidden (Eric S. Raymond) wrote:
> I have tested with the GR601W, not running as root, over USB. Serial
> PPS works (I see PPS messages in JSON). This means that it ought to
> be possible in general to hotplug USB devices delivering PPS and have
> them work, even well after gpsd has dropped root privileges.
Yes, but KPPS will not. BTW, the PPS mmessages in JSON are NMEA, and
never found a good use for them.
> I see that kernel PPS requires root for initialization, and have added
> a thread wait to avoid the race condition you reported where the
> threads for PPS devices given on the command line don't get to the
> /dev/pps devices before privileges are dropped.
Great, I'll test that.
> We can't make kernel PPS work for hotplugged devices in the general
> case because hotplugging happens after privilege dropping. I like
> the fact that gpsd has only a very tiny attack surface for privilege
> escalation and want to keep that.
I should prolly add a doc note then.
> I think kernel PPS failing is tolerable because *serial* PPS works in
> the general case. What is the functional advantage of kernel PPS over
> serial?
By 'serial' you mean basic PPS. All PPS is 'serial' as it uses an
RS-232 control line to mark the edge of the second. Kernel PPS uses a
kernel function to accurately timestamp the status change on the PPS
line. Basic PPS has the kernel wake up the PPS thread and then the PPS
thread reads the current system clock. Obviously and as notedd in the
code, having the kernel do the time stamp is lower latency and less
jitter. That is about 20 micro Sec less latency and +/- 5 mucro Sec
jitter on one of my test systems.
With KPPS it is very doable to get the system clock stable to +/- 1 micro
Sec. Otherwise you are lucky to get +/- 5 micro Sec. Important to a time
nut.
> Might be nice to add logic such that if kernel PPS initialization
> fails we automatically drop to serial PPS. Or does it already work
> like that? I can't tell - the code is rather hard to read.
It already did that. It gotten broken recently and I have repaired that
damage. If you look at the ok and ok_kpps flags in ntpshm.c you see how
that works.
Also broken in the code last time it got refactored is that KPPS can not
really work standalone. If a system does not support TIOCMWAIT it is
game over, so the nest of #ifdef TIOMCWAIT are both wrong and overkill.
So if you can adjust Scons to disable all PPS if no TIOMCWAIT then the
code will be more correct and simpler.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97701
address@hidden Tel:+1(541)382-8588
signature.asc
Description: PGP signature
- [gpsd-dev] PPS and privilege-dropping, Eric S. Raymond, 2013/10/17
- Re: [gpsd-dev] PPS and privilege-dropping,
Gary E. Miller <=
- Re: [gpsd-dev] PPS and privilege-dropping, Eric S. Raymond, 2013/10/17
- Re: [gpsd-dev] PPS and privilege-dropping, Eric S. Raymond, 2013/10/17
- Re: [gpsd-dev] PPS and privilege-dropping, Gary E. Miller, 2013/10/17
- Re: [gpsd-dev] PPS and privilege-dropping, Gary E. Miller, 2013/10/18
- Re: [gpsd-dev] PPS and privilege-dropping, Eric S. Raymond, 2013/10/18
- Re: [gpsd-dev] PPS and privilege-dropping, Gary E. Miller, 2013/10/18