Bug 1257145 - Test case failure: /CoreOS/udev/Security/bz174845-CVE-2005-3631-dev_input-incorrect-permissions
Test case failure: /CoreOS/udev/Security/bz174845-CVE-2005-3631-dev_input-inc...
Status: CLOSED DUPLICATE of bug 1199644
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: systemd (Show other bugs)
7.2
Unspecified Linux
unspecified Severity unspecified
: rc
: ---
Assigned To: systemd-maint
qe-baseos-daemons
: Regression, Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-08-26 07:07 EDT by Karel Volný
Modified: 2015-10-13 11:37 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-10-07 10:12:33 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Karel Volný 2015-08-26 07:07:58 EDT
Filed from caserun https://tcms.engineering.redhat.com/run/257964/#caserun_10670108

Version-Release number of selected component (if applicable):
RHEL-7.2-20150820.0

Steps to Reproduce: 
run /CoreOS/udev/Security/bz174845-CVE-2005-3631-dev_input-incorrect-permissions


Actual results: 
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Test permissions
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   FAIL   ] :: Are the perms of /dev/input//by-path/platform-i8042-serio-0-event-kbd target equal to 600? (Assert: '660' should equal '600')
:: [   PASS   ] :: Is the user of /dev/input//by-path/platform-i8042-serio-0-event-kbd target equal to root? (Assert: 'root' should equal 'root')
:: [   FAIL   ] :: Is the group of /dev/input//by-path/platform-i8042-serio-0-event-kbd target equal to root? (Assert: 'input' should equal 'root')
:: [   FAIL   ] :: Are the perms of /dev/input//by-path/platform-i8042-serio-1-event-mouse target equal to 600? (Assert: '660' should equal '600')
:: [   PASS   ] :: Is the user of /dev/input//by-path/platform-i8042-serio-1-event-mouse target equal to root? (Assert: 'root' should equal 'root')
:: [   FAIL   ] :: Is the group of /dev/input//by-path/platform-i8042-serio-1-event-mouse target equal to root? (Assert: 'input' should equal 'root')
:: [   FAIL   ] :: Are the perms of /dev/input//by-path/platform-i8042-serio-1-mouse target equal to 600? (Assert: '660' should equal '600')
:: [   PASS   ] :: Is the user of /dev/input//by-path/platform-i8042-serio-1-mouse target equal to root? (Assert: 'root' should equal 'root')
:: [   FAIL   ] :: Is the group of /dev/input//by-path/platform-i8042-serio-1-mouse target equal to root? (Assert: 'input' should equal 'root')
:: [   FAIL   ] :: Are the perms of /dev/input//by-path/platform-pcspkr-event-spkr target equal to 600? (Assert: '660' should equal '600')
:: [   PASS   ] :: Is the user of /dev/input//by-path/platform-pcspkr-event-spkr target equal to root? (Assert: 'root' should equal 'root')
:: [   FAIL   ] :: Is the group of /dev/input//by-path/platform-pcspkr-event-spkr target equal to root? (Assert: 'input' should equal 'root')
:: [   FAIL   ] :: Are the perms of /dev/input//event0 equal to 600? (Assert: '660' should equal '600')
:: [   PASS   ] :: Is the user of /dev/input//event0 equal to root? (Assert: 'root' should equal 'root')
:: [   FAIL   ] :: Is the group of /dev/input//event0 equal to root? (Assert: 'input' should equal 'root')
:: [   FAIL   ] :: Are the perms of /dev/input//event1 equal to 600? (Assert: '660' should equal '600')
:: [   PASS   ] :: Is the user of /dev/input//event1 equal to root? (Assert: 'root' should equal 'root')
:: [   FAIL   ] :: Is the group of /dev/input//event1 equal to root? (Assert: 'input' should equal 'root')
:: [   FAIL   ] :: Are the perms of /dev/input//event2 equal to 600? (Assert: '660' should equal '600')
:: [   PASS   ] :: Is the user of /dev/input//event2 equal to root? (Assert: 'root' should equal 'root')
:: [   FAIL   ] :: Is the group of /dev/input//event2 equal to root? (Assert: 'input' should equal 'root')
:: [   FAIL   ] :: Are the perms of /dev/input//event3 equal to 600? (Assert: '660' should equal '600')
:: [   PASS   ] :: Is the user of /dev/input//event3 equal to root? (Assert: 'root' should equal 'root')
:: [   FAIL   ] :: Is the group of /dev/input//event3 equal to root? (Assert: 'input' should equal 'root')
:: [   FAIL   ] :: Are the perms of /dev/input//mice equal to 600? (Assert: '660' should equal '600')
:: [   PASS   ] :: Is the user of /dev/input//mice equal to root? (Assert: 'root' should equal 'root')
:: [   FAIL   ] :: Is the group of /dev/input//mice equal to root? (Assert: 'input' should equal 'root')
:: [   FAIL   ] :: Are the perms of /dev/input//mouse0 equal to 600? (Assert: '660' should equal '600')
:: [   PASS   ] :: Is the user of /dev/input//mouse0 equal to root? (Assert: 'root' should equal 'root')
:: [   FAIL   ] :: Is the group of /dev/input//mouse0 equal to root? (Assert: 'input' should equal 'root')
:: [   LOG    ] :: Duration: 1s
:: [   LOG    ] :: Assertions: 10 good, 20 bad
:: [   FAIL   ] :: RESULT: Test permissions


Expected results:
the permissions should be 600, as per discussion in bug 1072324
Comment 3 Harald Hoyer 2015-08-26 09:10:10 EDT
Due to the systemd rebase we now have a newer systemd, which has assigned group "input" assigned to /dev/input/* and thus permission 0660.

This follows the systemd upstream behaviour and is the same on newer Fedora.
Comment 4 Lukáš Nykrýn 2015-09-01 04:04:10 EDT
As Harald mentioned this is expected behavior.
Comment 5 Karel Volný 2015-10-07 09:22:25 EDT
(In reply to Harald Hoyer from comment #3)
> Due to the systemd rebase we now have a newer systemd, which has assigned
> group "input" assigned to /dev/input/* and thus permission 0660.

this is a change of behaviour within the scope of one major release of RHEL

I believe it deserves better explanation than "due to systemd", especially considering the fact that it had already been decided to set the permissions in some different way in the past - what has changed so that the previous decision is now wrong?

if nothing else, this has to be documented
Comment 6 Lukáš Nykrýn 2015-10-07 09:47:51 EDT
> if nothing else, this has to be documented

It is.

https://access.redhat.com/articles/1611383

A new system group "input" has been introduced, and all input device nodes get this group assigned. This enables for system-level software to get access to input devices and complements what is already provided for "audio" and "video".
Comment 7 Karel Volný 2015-10-13 11:37:52 EDT
(In reply to Lukáš Nykrýn from comment #6)
> > if nothing else, this has to be documented
> 
> It is.
> 
> https://access.redhat.com/articles/1611383

ah, ok, thanks

once upon a time, there used to be such info in Doc text in Bugzilla ...

*** This bug has been marked as a duplicate of bug 1199644 ***

Note You need to log in before you can comment on or make changes to this bug.