Bug 558677 (CVE-2010-0299) - CVE-2010-0299 kernel: Driver-Core: devtmpfs - set root directory mode to 0755
Summary: CVE-2010-0299 kernel: Driver-Core: devtmpfs - set root directory mode to 0755
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: CVE-2010-0299
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 547593 586016 586020
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-01-26 00:34 UTC by Eugene Teo (Security Response)
Modified: 2021-11-12 20:03 UTC (History)
7 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2012-03-28 08:38:32 UTC
Embargoed:

Attachments (Terms of Use)

Description Eugene Teo (Security Response) 2010-01-26 00:34:38 UTC 
Description of problem:
devtmpfs - set root directory mode to 0755.

Devtmpfs lets the kernel create a tmpfs instance called devtmpfs very early at kernel initialization, before any driver-core device is registered. Every device with a major/minor will provide a device node in devtmpfs. Devtmpfs can be changed and altered by userspace at any time, and in any way needed - just like today's udev-mounted tmpfs.

Make sure the root directory permissions is 0755 instead of 1777.

This was introduced in v2.6.32-rc1 via commit 2b2af54a.

Upstream commit:
http://git.kernel.org/linus/f776c5ec4690b21b3668ad5956774a22c86f541a
http://git.kernel.org/linus/9329d1beaeed1a94f030c784dcec5ff973f402c4
Comment 1 Eugene Teo (Security Response) 2010-01-26 00:37:39 UTC 
The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG did not include support for Devtmpfs, and therefore are not affected by this issue.
Comment 5 Chuck Ebbert 2010-01-29 03:16:04 UTC 
Fixed in 2.6.32.7 by:

 driver-core-devtmpfs-set-root-directory-mode-to-0755.patch
Note You need to log in before you can comment on or make changes to this bug.