Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 4390 - bad default permissions on various things in /dev
Summary: bad default permissions on various things in /dev
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: dev
Version: 6.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Michael K. Johnson
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 1999-08-06 05:26 UTC by wingc
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 1999-09-20 15:58:59 UTC


Attachments (Terms of Use)

Description wingc 1999-08-06 05:26:08 UTC
This was discussed on Bugtraq last year, but it's worth
reporting as a 'bug' in my opinion:

- various "legacy" cd-rom device files are world-readable by
default. These include:
	/dev/aztcd
	/dev/bpcd
	/dev/cdu31a
	/dev/cdu535
	/dev/cm206cd
	/dev/gscd
	/dev/mcd
	/dev/optcd
	/dev/sjcd
	/dev/sonycd

The problem is that in a default RedHat 6.0 installation, if
any user attempts to 'cat' these files, it will trigger a
module load request by the kernel which results in a kernel
module actually being loaded.

The driver modules for these old ISA cd-roms seem to perform
somewhat dangerous probes to determine if a device is
actually present, cauing the system to freeze up for several
seconds or more.

In fact, depending upon the hardware present in a given
machine, loading one of these modules may even cause a
crash.

I was able to completely lock up many machines running Red
Hat 5.2 by 'cat'ing some of these cd-rom device files as a
non-root user. The same is probably true on Red Hat 6.0
depending on the machine. (basically, if there is a conflict
between the probing done by the old cd-rom driver and the
hardware in your computer, it may cause a freeze)


Also, the mouse device files in /dev are world-readable by
default. This may cause problems because I don't think that
the kernel supports multiple readers on these files-- if a
process opens them and tries to read, it may be able to lock
out the X server from reading, or cause the mouse to behave
erratically, etc.

	/dev/atibm
	/dev/inportbm
	/dev/logibm
	/dev/psaux
	/dev/sunmouse


There may be other problematic device files as well.

Some sound device files in /dev are world-readable too, for
instance (/dev/sndstat for one); any user can cause the
'soundcore', 'soundlow', and 'sound' modules to be loaded by
cat-ing them, although this is probably not a security
problem.


I would recommend making at least the 'legacy' cd-rom and
mouse device files non world-readable/writable by default in
Red Hat.

Thanks,

Chris Wing
wingc@engin.umich.edu

Comment 1 Preston Brown 1999-08-18 18:08:59 UTC
Michael, o maintainer of the dev package, do you want to fix this?  :)

Comment 2 Michael K. Johnson 1999-09-20 15:58:59 UTC
Fixed in dev-2.7.9 -- thanks for the suggestions.
While I was at it, I noticed that some of the legacy cdrom
devices weren't group disk, so I fixed that as well.


Note You need to log in before you can comment on or make changes to this bug.