Bug 48740

Summary: Dangerous default permissions in udev.conf (0666)
Product: Gentoo Linux
Reporter: Marc Ballarin <Ballarin.Marc>
Component: [OLD] Core system
Assignee: Greg Kroah-Hartman (RETIRED) <gregkh>
Status: RESOLVED FIXED
Severity: major
CC: base-system
Priority: High
Version: unspecified
Hardware: All
OS: Linux

Description Marc Ballarin 2004-04-22 16:23:27 UTC
While the default mode of 0666 guarantees maximum compatibility, it can become a security hazard in the case of new, unknown device names.
An example is device-mapper entries created by lvm2 in the mapper/ subdir. Those are not handled by the default version of udev.permissions, and so are readable and writable for everyone.
While this can be fixed by adding "mapper/*:root:disk:660" to udev.permissions, similar problems might occur in the future.

You should really reconsider if a default mode of 0666 is acceptable.

Reproducible: Always
Steps to Reproduce:
1. create lvm2 volumes
2. use udev


Actual Results:  
nodes are set to root:root:0666 

Expected Results:  
nodes should be set to root:disk:0660

Comment 1 Greg Kroah-Hartman (RETIRED) gentoo-dev 2004-06-07 15:35:14 UTC
Ok, I've checked this in.  If you remerge you will pick up the new config
file with the perms changed.
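
An added example, not part of the bug report or of udev's own code: a small model of the lookup described in the report, showing how a node name with no udev.permissions entry falls through to the default mode and how to list such nodes. First-match glob matching, `#` comment handling, the function names and the sample entries are assumptions made for illustration.

```python
import fnmatch

# Constructed sample in the name:owner:group:mode format quoted in the report.
SAMPLE_PERMISSIONS = """\
hd*:root:disk:660
sd*:root:disk:660
tty*:root:tty:660
"""

def parse_permissions(text):
    """Parse name:owner:group:mode lines; blanks and '#' comments are skipped (assumed)."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 4:
            raise ValueError(f"line {lineno}: expected name:owner:group:mode")
        pattern, owner, group, mode = parts
        rules.append((pattern, owner, group, int(mode, 8)))
    return rules

def resolve(name, rules, default=("root", "root", 0o666)):
    """Return (owner, group, mode, matched); first matching pattern wins (assumed)."""
    for pattern, owner, group, mode in rules:
        if fnmatch.fnmatchcase(name, pattern):
            return owner, group, mode, True
    return (*default, False)  # no entry: the default applies

def audit(names, rules, default=("root", "root", 0o666)):
    """List nodes that end up readable or writable by 'other' (mode & 0o006)."""
    findings = []
    for name in names:
        owner, group, mode, matched = resolve(name, rules, default)
        if mode & 0o006:
            source = "explicit rule" if matched else "default mode"
            findings.append((name, f"{owner}:{group}:{mode:04o}", source))
    return findings

if __name__ == "__main__":
    nodes = ["hda1", "sda", "mapper/vg0-root", "mapper/vg0-swap"]  # constructed names
    rules = parse_permissions(SAMPLE_PERMISSIONS)
    for finding in audit(nodes, rules):
        print(*finding)
    fixed = parse_permissions(SAMPLE_PERMISSIONS + "mapper/*:root:disk:660\n")
    print("after adding mapper/* rule:", audit(nodes, fixed))
```

Passing a restrictive `default` (for instance a hypothetical `("root", "root", 0o600)`) to `audit` shows the other remedy the report asks for: unknown names then fail closed without needing a per-device entry.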