747965 – incorrect permission on /dev/dri/control nodes.

Bug 747965 - incorrect permission on /dev/dri/control nodes.

Summary: incorrect permission on /dev/dri/control nodes.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	libdrm
Sub Component:
Version:	6.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Dave Airlie
QA Contact:	Desktop QE
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	750914
TreeView+	depends on / blocked

Reported:	2011-10-21 14:34 UTC by Dave Airlie
Modified:	2011-12-06 15:07 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2011-12-06 15:07:02 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2011:1613	0	normal	SHIPPED_LIVE	X.Org support packages bug fix and enhancement update	2011-12-06 00:51:05 UTC

Description Dave Airlie 2011-10-21 14:34:28 UTC

As pointed out on dri-devel we have incorrect permission on /dev/dri/control nodes they should be root only.

I don't think there is a sceurity issue, you can affect the modesetting but not access any of the buffer objects, but its a possible DOS against the current console users if running X.

fix is trivial change to one file.

Comment 1 RHEL Program Management 2011-10-21 14:50:47 UTC

This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux maintenance release. Product Management has 
requested further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed 
products. This request is not yet committed for inclusion in an Update release.

Comment 4 Dave Airlie 2011-10-21 16:52:02 UTC

MODIFIED

libdrm-2.4.25-2 built in brew.

Comment 7 Dave Airlie 2011-10-28 11:10:51 UTC

did you reboot since udev has to be rerun to execute the rules from what I know.

Comment 8 Tomas Pelka 2011-10-31 13:23:16 UTC

Yes I did.

Comment 10 Dave Airlie 2011-11-01 14:01:30 UTC

root:video or root:root is fine, as long as they aren't world readable/writable.

Comment 14 errata-xmlrpc 2011-12-06 15:07:02 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1613.html

Note You need to log in before you can comment on or make changes to this bug.