[gpsd-dev] PPS and privilege-dropping

[Eric S. Raymond]

This is mainly for Gary Miller, but other people with an interest in
time service might want to pay attention.

I have tested with the GR601W, not running as root, over USB.  Serial
PPS works (I see PPS messages in JSON).  This means that it ought to
be possible in general to hotplug USB devices delivering PPS and have
them work, even well after gpsd has dropped root privileges.

I see that kernel PPS requires root for initialization, and have added
a thread wait to avoid the race condition you reported where the
threads for PPS devices given on the command line don't get to the
/dev/pps devices before privileges are dropped.

We can't make kernel PPS work for hotplugged devices in the general
case because hotplugging happens after privilege dropping.  I like
the fact that gpsd has only a very tiny attack surface for privilege
escalation and want to keep that.

I think kernel PPS failing is tolerable because *serial* PPS works in
the general case.  What is the functional advantage of kernel PPS over
serial?

Might be nice to add logic such that if kernel PPS initialization
fails we automatically drop to serial PPS. Or does it already work
like that?  I can't tell - the code is rather hard to read.
-- 
                <a href="http://www.catb.org/~esr/";>Eric S. Raymond</a>

Rapists just *love* unarmed women.  And the politicians who disarm them.