Re: [security] Race condition in udev

On Tue, 25 Aug 2009 10:42:49 -0700
Greg KH <greg@xxxxxxxxx> wrote:

> On Tue, Aug 25, 2009 at 07:31:30PM +0200, Florian Zumbiehl wrote:
> > Assumption:
> > 
> >  /dev/foo is configured to be owned by user root, group users, mode
> > 0646. The attacker tries to open /dev/foo for writing as a user
> > that's not root, not a member of the group root, but a member of
> > the group users.
> > 
> > The Trace:
> > 
> > action                     | owner | group | mode    | open(O_WRONLY)?
> > ---------------------------+-------+-------+---------+----------------
> > mknod(/dev/foo)            | root  | root  | 0644(?) | no
> > chmod(/dev/foo,0646)       | root  | root  | 0646    | yes
> > chown(/dev/foo,root,users) | root  | users | 0646    | no
> 
> Are there any current device nodes that get set to this kind of "odd"
> permissions with the current udev ruleset?


Even if there are, I still don't see how it's a bug in udev.

If you have a rule that configures a device with world-writable
permissions, why does it matter which group owns the device?

-RW

Attachment: signature.asc
Description: PGP signature
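
The trace quoted above, replayed against the Unix owner/group/other class selection, as an added example that is not part of the original thread or of udev's code. The numeric IDs and the `chown`-before-`chmod` ordering shown for comparison are assumptions made for illustration; the node is simulated and root's permission override is not modelled.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Simulated inode metadata; no real device node is created. */
struct node { uid_t uid; gid_t gid; mode_t mode; };

/* Constructed IDs for the example (assumptions, not from the thread). */
enum { ROOT_UID = 0, ROOT_GID = 0, USERS_GID = 100, ATTACKER_UID = 1000 };

/* Classic Unix DAC write check: exactly one class (owner, group, other)
 * is selected, and only that class's bits are consulted. */
static int may_write(const struct node *n, uid_t uid,
                     const gid_t *groups, int ngroups)
{
    if (uid == n->uid)
        return (n->mode & S_IWUSR) != 0;
    for (int i = 0; i < ngroups; i++)
        if (groups[i] == n->gid)
            return (n->mode & S_IWGRP) != 0;   /* group class wins over other */
    return (n->mode & S_IWOTH) != 0;
}

/* Replays mknod, then chmod and chown in the chosen order, recording whether
 * a non-root member of "users" could open for writing after each step.
 * Returns the number of steps at which the open would succeed. */
static int replay(int chown_first, int writable[3])
{
    const gid_t groups[] = { USERS_GID };
    struct node n = { ROOT_UID, ROOT_GID, 0644 };            /* mknod */
    int hits = 0;
    for (int step = 0; step < 3; step++) {
        if (step == 1) { if (chown_first) n.gid = USERS_GID; else n.mode = 0646; }
        if (step == 2) { if (chown_first) n.mode = 0646; else n.gid = USERS_GID; }
        writable[step] = may_write(&n, ATTACKER_UID, groups, 1);
        hits += writable[step];
    }
    return hits;
}

int main(void)
{
    int w[3];
    printf("chmod then chown: %d writable step(s)\n", replay(0, w));
    printf("chown then chmod: %d writable step(s)\n", replay(1, w));
    return 0;
}
```

With mode 0646 the group bits grant read only, so the final state denies write to members of `users` while still allowing it to everyone outside the owner and group classes.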

