These commands list /dev entries which are writable by group root:

    find /dev -gid 0 -perm -20 -type c
    find /dev -gid 0 -perm -20 -type b

I suspect they are errors. They are a security concern because they could well make leaks of group root equivalent to full root access; e.g. /dev/agpgart would be the first candidate alphabetically :)

In general, I would expect the following rules to apply:

- A /dev entry should only be writable by the group if it has a special group (e.g. disk), or it is publicly writable.
- The same argument applies to group root having read permissions as well as write permissions.

Generalising further, these rules do not just apply to /dev, but also to pretty much all other files or directories. I suggest a quick audit; it is just a single "find" command.
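The audit described in the report above, as an added example that is not part of the bug report or of the dev package: a small POSIX shell helper that generalises the two find commands by taking the directory and the group id as parameters (so it can be pointed at /dev with gid 0, or at any other tree and group) and by checking both the write and the read case. It reports only entries whose group bit grants something the "other" bits do not, which is exactly the rule the report proposes. The function names and the inclusion of regular files and directories alongside device nodes are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the bug report: audit entries under a directory whose
# group permission adds privilege beyond what "other" already has.

# file_gid PATH : print the numeric group id of PATH (POSIX ls -n output).
file_gid() {
    ls -ldn "$1" | awk '{ print $4 }'
}

# group_privileged DIR GID BIT
#   BIT is 2 (write) or 4 (read).
#   Lists entries under DIR owned by group GID whose group bit is set while the
#   matching "other" bit is clear. Character and block devices are what the
#   report is about; regular files and directories are included so the same
#   check covers the rest of the filesystem, as the report suggests.
group_privileged() {
    dir=$1 gid=$2 bit=$3
    find "$dir" -gid "$gid" \
        \( -type c -o -type b -o -type f -o -type d \) \
        -perm "-0${bit}0" ! -perm "-00${bit}" 2>/dev/null | sort
}

# count_group_privileged DIR GID BIT : number of such entries.
count_group_privileged() {
    group_privileged "$1" "$2" "$3" | wc -l | tr -d ' '
}

# Usage for the /dev audit against group root, as in the report:
#   group_privileged /dev 0 2   # group-root writable but not world-writable
#   group_privileged /dev 0 4   # group-root readable but not world-readable
```

The "! -perm -00X" clause is what keeps the output to the interesting cases: an entry that is already world-writable (or world-readable) gains nothing from its group bit, so it is not a group-root leak in the sense the report describes.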
A number of these are set this way by convention (carried over when the dev package was overhauled). Some of these are redundant because of pam_console, others we'll have to look at more closely.
This defect is considered MUST-FIX for Florence Gold release
This should all be cleaned up as of dev-3.1.0-1, which is quite a bit more careful about group ownerships and group read/write permissions. If this breaks anything, I trust we'll find out in time to relax some of the restrictions or fix some broken programs.