Bug 747965 - incorrect permission on /dev/dri/control nodes.
Summary: incorrect permission on /dev/dri/control nodes.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libdrm
Version: 6.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Dave Airlie
QA Contact: Desktop QE
URL:
Whiteboard:
Depends On:
Blocks: 750914
TreeView+ depends on / blocked
 
Reported: 2011-10-21 14:34 UTC by Dave Airlie
Modified: 2011-12-06 15:07 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-12-06 15:07:02 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1613 0 normal SHIPPED_LIVE X.Org support packages bug fix and enhancement update 2011-12-06 00:51:05 UTC

Description Dave Airlie 2011-10-21 14:34:28 UTC
As pointed out on dri-devel we have incorrect permission on /dev/dri/control nodes they should be root only.

I don't think there is a sceurity issue, you can affect the modesetting but not access any of the buffer objects, but its a possible DOS against the current console users if running X.

fix is trivial change to one file.

Comment 1 RHEL Program Management 2011-10-21 14:50:47 UTC
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux maintenance release. Product Management has 
requested further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed 
products. This request is not yet committed for inclusion in an Update release.

Comment 4 Dave Airlie 2011-10-21 16:52:02 UTC
MODIFIED

libdrm-2.4.25-2 built in brew.

Comment 7 Dave Airlie 2011-10-28 11:10:51 UTC
did you reboot since udev has to be rerun to execute the rules from what I know.

Comment 8 Tomas Pelka 2011-10-31 13:23:16 UTC
Yes I did.

Comment 10 Dave Airlie 2011-11-01 14:01:30 UTC
root:video or root:root is fine, as long as they aren't world readable/writable.

Comment 14 errata-xmlrpc 2011-12-06 15:07:02 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1613.html


Note You need to log in before you can comment on or make changes to this bug.