Bug 513379 - /dev/net/tun permissions should not be 0666
Summary: /dev/net/tun permissions should not be 0666
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: udev
Version: 12
Hardware: All
OS: Linux
Priority: low
Severity: medium
Target Milestone: ---
Assignee: Harald Hoyer
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2009-07-23 12:04 UTC by Jan "Yenya" Kasprzak
Modified: 2012-06-22 08:48 UTC
CC: 5 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-01-12 15:57:22 UTC
Type: ---
Embargoed:



Description Jan "Yenya" Kasprzak 2009-07-23 12:04:21 UTC
Description of problem:
The /dev/net/tun file has permissions 0666 by default (probably required by OpenVPN).
James Morris in his followup to the CVE-2009-1897 kernel vulnerability suggests
that the file should not be world-writable:

http://blog.namei.org/2009/07/18/a-brief-note-on-the-2630-kernel-null-pointer-vulnerability/

Probably we should add a special group "tun" or "vpn" and make the file 0660 for that group.

Version-Release number of selected component (if applicable):
udev-141-3.fc11.x86_64

How reproducible:


Steps to Reproduce:
1. ls -l /dev/net/tun
  
Actual results:
crw-rw-rw- 1 root root 10, 200 2009-07-07 18:59 /dev/net/tun

Expected results:
crw------- 1 root root 10, 200 2009-07-07 18:59 /dev/net/tun

Comment 1 Jan "Yenya" Kasprzak 2009-11-20 07:47:54 UTC
Still present in F12. Are there any plans to fix this?

Comment 2 Doncho Gunchev 2009-12-06 15:27:55 UTC
This got fixed at some point, I have:

ls -l /dev/net/tun
crw------- 1 root root 10, 200 2009-12-06 17:15 /dev/net/tun

Comment 3 Doncho Gunchev 2009-12-06 15:29:06 UTC
Forgot to mention, udev-145-14.fc12.x86_64.

Comment 4 Martin Cermak 2010-01-12 15:57:22 UTC
This appears to be fixed in both RHEL6 and F12, so I'm closing this.

Comment 5 David Woodhouse 2012-06-22 08:48:28 UTC
This isn't a bug, and as far as I can tell it (thankfully) *hasn't* been 'fixed' in Fedora or RHEL.

If you really can reproduce a case where it gets set to 0600, and you haven't done anything special on your system to achieve that, then please re-open bug 196041.

If you want to devise a group-ownership scheme instead and set the permissions to 0660 instead of 0666, that's fine. You'll need to start by adding the relevant group, then patch all the packages in the distribution to ensure that the relevant processes run in that group, and then you can restrict the permissions.
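The report's "Steps to Reproduce" and the group-ownership scheme discussed in the description and in comment 5 can be turned into a small audit plus an illustrative udev rule. The following shell script is an added example, not part of the bug report, Fedora's udev package, or any comment above: the group name "tun", the rule file name and the rule text itself are assumptions, and the check is demonstrated on constructed regular files in a temporary directory rather than on the real device node.

```shell
#!/bin/sh
# Added example (not from the bug report): audit a device node for the
# world-writable state reported above and print an illustrative udev rule
# that would move it to group-based access instead.

# Returns 0 when the node is NOT world-writable, 1 when the "other" write bit
# is set (the crw-rw-rw- state in "Actual results"), 2 when the path is missing.
tun_world_writable_check() {
    path="$1"
    [ -e "$path" ] || return 2
    # First 10 characters of ls -l are the symbolic mode, e.g. crw-rw-rw-;
    # character 9 is the "other" write bit the report objects to.
    mode=$(ls -ld "$path" | cut -c1-10)
    case "$mode" in
        ????????w?) return 1 ;;
        *)          return 0 ;;
    esac
}

# Prints an illustrative udev rule for the scheme from the report and comment 5:
# node stays root-owned, group "tun" (assumed name), mode 0660 instead of 0666.
# KERNEL and SUBSYSTEM match the tun misc device (major 10, minor 200 on the page).
tun_udev_rule() {
    printf '%s\n' 'KERNEL=="tun", SUBSYSTEM=="misc", GROUP="tun", MODE="0660"'
}

# Demonstration on constructed files (stand-ins for /dev/net/tun) in a temp dir.
demo() {
    d=$(mktemp -d)
    : > "$d/tun-open";  chmod 0666 "$d/tun-open"    # the reported state
    : > "$d/tun-group"; chmod 0660 "$d/tun-group"   # the proposed state
    for f in "$d/tun-open" "$d/tun-group"; do
        if tun_world_writable_check "$f"; then
            echo "OK   $(ls -ld "$f" | cut -c1-10) $f"
        else
            echo "WARN $(ls -ld "$f" | cut -c1-10) $f is world-writable"
        fi
    done
    echo "Illustrative rule (assumed file name /etc/udev/rules.d/99-tun-group.rules):"
    tun_udev_rule
    rm -rf "$d"
}

demo
```

As comment 5 notes, the rule alone is not enough: every process that needs to open the device (OpenVPN and the like) must run with the assumed "tun" group as a supplementary group, which is a packaging change, not a udev one, and the rule shown here should be read as the shape of such a rule rather than as Fedora's actual configuration.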

