Bug 4390 - bad default permissions on various things in /dev
Status: CLOSED NEXTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: dev
Version: 6.0
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Michael K. Johnson
Reported: 1999-08-06 05:26 UTC by wingc
Modified: 2008-05-01 15:37 UTC (History)

Doc Type: Bug Fix
Last Closed: 1999-09-20 15:58:59 UTC



Description wingc 1999-08-06 05:26:08 UTC
This was discussed on Bugtraq last year, but it's worth
reporting as a 'bug' in my opinion:

- various "legacy" cd-rom device files are world-readable by
default. These include:
	/dev/aztcd
	/dev/bpcd
	/dev/cdu31a
	/dev/cdu535
	/dev/cm206cd
	/dev/gscd
	/dev/mcd
	/dev/optcd
	/dev/sjcd
	/dev/sonycd

The problem is that in a default RedHat 6.0 installation, if
any user attempts to 'cat' these files, it will trigger a
module load request by the kernel which results in a kernel
module actually being loaded.

The driver modules for these old ISA cd-roms seem to perform
somewhat dangerous probes to determine if a device is
actually present, causing the system to freeze up for several
seconds or more.

In fact, depending upon the hardware present in a given
machine, loading one of these modules may even cause a
crash.

I was able to completely lock up many machines running Red
Hat 5.2 by 'cat'ing some of these cd-rom device files as a
non-root user. The same is probably true on Red Hat 6.0
depending on the machine. (basically, if there is a conflict
between the probing done by the old cd-rom driver and the
hardware in your computer, it may cause a freeze)


Also, the mouse device files in /dev are world-readable by
default. This may cause problems because I don't think that
the kernel supports multiple readers on these files-- if a
process opens them and tries to read, it may be able to lock
out the X server from reading, or cause the mouse to behave
erratically, etc.

	/dev/atibm
	/dev/inportbm
	/dev/logibm
	/dev/psaux
	/dev/sunmouse


There may be other problematic device files as well.

Some sound device files in /dev are world-readable too, for
instance (/dev/sndstat for one); any user can cause the
'soundcore', 'soundlow', and 'sound' modules to be loaded by
cat-ing them, although this is probably not a security
problem.


I would recommend making at least the 'legacy' cd-rom and
mouse device files non world-readable/writable by default in
Red Hat.

Thanks,

Chris Wing
wingc@engin.umich.edu

Comment 1 Preston Brown 1999-08-18 18:08:59 UTC
Michael, o maintainer of the dev package, do you want to fix this?  :)

Comment 2 Michael K. Johnson 1999-09-20 15:58:59 UTC
Fixed in dev-2.7.9 -- thanks for the suggestions.
While I was at it, I noticed that some of the legacy cdrom
devices weren't group disk, so I fixed that as well.
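
Added example (not part of the bug thread or the dev package): a shell check for the condition reported above. It lists which of the named legacy CD-ROM and mouse nodes exist and grant read or write access to "other", and prints the group so the "group disk" point from Comment 2 can be checked too. It assumes GNU `stat`; the `audit_dev_nodes` function name and the `--audit` switch are hypothetical.

```shell
#!/bin/sh
# Device node names taken from the bug report.
LEGACY_CDROM="aztcd bpcd cdu31a cdu535 cm206cd gscd mcd optcd sjcd sonycd"
MOUSE="atibm inportbm logibm psaux sunmouse"

# audit_dev_nodes ROOT NAME...
# Prints one line per existing node under ROOT whose mode grants read or
# write to "other". Returns 0 when nothing is found, 1 otherwise.
# ROOT is a parameter so the check can be pointed at a test directory.
audit_dev_nodes() {
    root=$1
    shift
    findings=0
    for name in "$@"; do
        node="$root/$name"
        [ -e "$node" ] || continue              # node not shipped on this system
        # Assumption: GNU coreutils stat (-c FORMAT).
        mode=$(stat -c '%a' "$node") || continue
        group=$(stat -c '%G' "$node") || continue
        other=${mode#"${mode%?}"}               # last octal digit = "other" bits
        # 4 = read, 2 = write; execute (1) is not relevant to the report.
        if [ $((other & 6)) -ne 0 ]; then
            printf '%s mode=%s group=%s\n' "$node" "$mode" "$group"
            findings=1
        fi
    done
    return $findings
}

# Run against the real /dev only when asked to (hypothetical --audit switch).
if [ "${1:-}" = "--audit" ]; then
    if audit_dev_nodes /dev $LEGACY_CDROM $MOUSE; then
        echo "no world-readable or world-writable nodes from the report found"
    else
        echo "review the nodes listed above (chmod o-rw removes the access)"
    fi
fi
```

Each output line names the node, its octal mode and its group; nodes that do not exist on the system are skipped silently.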

