On Tue, Aug 25, 2009 at 01:04:17PM -0500, Robby Workman wrote:
> On Tue, 25 Aug 2009 10:42:49 -0700
> Greg KH <greg@xxxxxxxxx> wrote:
>
> > On Tue, Aug 25, 2009 at 07:31:30PM +0200, Florian Zumbiehl wrote:
> > > Assumption:
> > >
> > > /dev/foo is configured to be owned by user root, group users, mode
> > > 0646. The attacker tries to open /dev/foo for writing as a user
> > > that's not root, not a member of the group root, but a member of
> > > the group users.
> > >
> > > The Trace:
> > >
> > > action                      | owner | group | mode    | open(O_WRONLY)?
> > > ----------------------------+-------+-------+---------+-----------------
> > > mknod(/dev/foo)             | root  | root  | 0644(?) | no
> > > chmod(/dev/foo,0646)        | root  | root  | 0646    | yes
> > > chown(/dev/foo,root,users)  | root  | users | 0646    | no
> >
> > Are there any current device nodes that get set to this kind of "odd"
> > permissions with the current udev ruleset?
>
>
> Even if there are, I still don't see how it's a bug in udev.
>
> If you have a rule that configures a device with world-writable
> permissions, why does it matter which group owns the device?

Exactly :)
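
The trace quoted above, replayed as an added example that is not part of the original thread: a small model of the POSIX owner/group/other check, in which exactly one class applies to a given caller. The names `Node`, `may_write`, `replay`, the user `alice` and the reversed `CHOWN_FIRST` ordering are assumptions of this example; no real device node is touched.

```python
# Added illustration: a model of the classic POSIX permission check, replaying
# the mknod/chmod/chown trace quoted in the thread. ACLs and capabilities are
# not modelled.
from dataclasses import dataclass

W = 0o2  # write bit within one rwx triplet


@dataclass
class Node:
    owner: str
    group: str
    mode: int


def may_write(node, user, groups):
    """Exactly one class applies: owner, else group, else other."""
    if user == "root":
        return True  # simplification: root bypasses the mode bits
    if user == node.owner:
        bits = node.mode >> 6
    elif node.group in groups:
        bits = node.mode >> 3  # group members never fall through to "other"
    else:
        bits = node.mode
    return bool(bits & W)


def replay(steps, user="alice", groups=("users",)):
    """Apply each step; record whether `user` could open for writing after it."""
    node = Node("root", "root", 0o644)  # state after mknod (0644 as in the trace)
    results = [("mknod", may_write(node, user, groups))]
    for op, arg in steps:
        if op == "chmod":
            node.mode = arg
        elif op == "chown":
            node.owner, node.group = arg
        results.append((op, may_write(node, user, groups)))
    return results


# Order from the quoted trace: mode first, then ownership.
TRACE_ORDER = [("chmod", 0o646), ("chown", ("root", "users"))]
# Reversed order: an assumption of this example, not proposed in the thread.
CHOWN_FIRST = [("chown", ("root", "users")), ("chmod", 0o646)]

if __name__ == "__main__":
    for name, steps in (("trace order", TRACE_ORDER), ("chown first", CHOWN_FIRST)):
        print(name, replay(steps))
```

In this model the write window exists only between the chmod and the chown of the quoted order; with the ownership change applied first, the member of group users is evaluated against the group bits at every step.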