Bug 4390 - bad default permissions on various things in /dev
Status: CLOSED NEXTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: dev
Version: 6.0
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: Michael K. Johnson
Keywords: Security
Reported: 1999-08-06 01:26 EDT by wingc
Modified: 2008-05-01 11:37 EDT (History)
Doc Type: Bug Fix
Last Closed: 1999-09-20 11:58:59 EDT
Description wingc 1999-08-06 01:26:08 EDT
This was discussed on Bugtraq last year, but it's worth
reporting as a 'bug' in my opinion:

- various "legacy" cd-rom device files are world-readable by
default. These include:
	/dev/aztcd
	/dev/bpcd
	/dev/cdu31a
	/dev/cdu535
	/dev/cm206cd
	/dev/gscd
	/dev/mcd
	/dev/optcd
	/dev/sjcd
	/dev/sonycd

The problem is that in a default Red Hat 6.0 installation, if
any user attempts to 'cat' these files, it will trigger a
module load request by the kernel which results in a kernel
module actually being loaded.

The driver modules for these old ISA cd-roms seem to perform
somewhat dangerous probes to determine if a device is
actually present, causing the system to freeze up for several
seconds or more.

In fact, depending upon the hardware present in a given
machine, loading one of these modules may even cause a
crash.

I was able to completely lock up many machines running Red
Hat 5.2 by 'cat'ing some of these cd-rom device files as a
non-root user. The same is probably true on Red Hat 6.0
depending on the machine. (basically, if there is a conflict
between the probing done by the old cd-rom driver and the
hardware in your computer, it may cause a freeze)


Also, the mouse device files in /dev are world-readable by
default. This may cause problems because I don't think that
the kernel supports multiple readers on these files-- if a
process opens them and tries to read, it may be able to lock
out the X server from reading, or cause the mouse to behave
erratically, etc.

	/dev/atibm
	/dev/inportbm
	/dev/logibm
	/dev/psaux
	/dev/sunmouse


There may be other problematic device files as well.

Some sound device files in /dev are world-readable too, for
instance (/dev/sndstat for one); any user can cause the
'soundcore', 'soundlow', and 'sound' modules to be loaded by
cat-ing them, although this is probably not a security
problem.


I would recommend making at least the 'legacy' cd-rom and
mouse device files non world-readable/writable by default in
Red Hat.

Thanks,

Chris Wing
wingc@engin.umich.edu
Comment 1 Preston Brown 1999-08-18 14:08:59 EDT
Michael, o maintainer of the dev package, do you want to fix this?  :)
Comment 2 Michael K. Johnson 1999-09-20 11:58:59 EDT
Fixed in dev-2.7.9 -- thanks for the suggestions.
While I was at it, I noticed that some of the legacy cdrom
devices weren't group disk, so I fixed that as well.
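
An added example, not part of the original report or of the dev package: a Python audit for the conditions discussed in this bug, namely world-readable or world-writable bits on the listed legacy CD-ROM and mouse nodes and, for the CD-ROM nodes, a group other than disk. The function names and the injectable `lstat` parameter are assumptions made for illustration.

```python
import os
import stat

# Device names taken from the lists in the report above.
LEGACY_CDROM = ["aztcd", "bpcd", "cdu31a", "cdu535", "cm206cd",
                "gscd", "mcd", "optcd", "sjcd", "sonycd"]
MOUSE = ["atibm", "inportbm", "logibm", "psaux", "sunmouse"]


def world_bits(mode):
    """Return the 'other' read/write bits of a mode as '', 'r', 'w' or 'rw'."""
    return "".join(ch for bit, ch in ((stat.S_IROTH, "r"), (stat.S_IWOTH, "w"))
                   if mode & bit)


def audit(names, devdir="/dev", lstat=os.lstat, expect_gid=None):
    """Return (path, problem) tuples for the named device nodes.

    lstat is injectable (an assumption of this example) so the check can be
    exercised without real device nodes. expect_gid, if given, is the numeric
    gid each node should have.
    """
    findings = []
    for name in names:
        path = os.path.join(devdir, name)
        try:
            st = lstat(path)
        except FileNotFoundError:
            continue  # node not present on this system
        if not (stat.S_ISCHR(st.st_mode) or stat.S_ISBLK(st.st_mode)):
            continue  # symlink or regular file, not a device node
        bits = world_bits(st.st_mode)
        if bits:
            findings.append((path, "world-" + bits))
        if expect_gid is not None and st.st_gid != expect_gid:
            findings.append((path, "gid %d, expected %d" % (st.st_gid, expect_gid)))
    return findings


if __name__ == "__main__":
    import grp
    try:
        disk_gid = grp.getgrnam("disk").gr_gid
    except KeyError:
        disk_gid = None  # no 'disk' group here; skip the group check
    for path, problem in audit(LEGACY_CDROM, expect_gid=disk_gid) + audit(MOUSE):
        print("%-20s %s" % (path, problem))
```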
