Bug 48740 - Dangerous default permissions in udev.conf (0666)
Summary: Dangerous default permissions in udev.conf (0666)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: All Linux
Importance: High major
Assignee: Greg Kroah-Hartman (RETIRED)
Reported: 2004-04-22 16:23 UTC by Marc Ballarin
Modified: 2004-06-07 15:35 UTC
Description Marc Ballarin 2004-04-22 16:23:27 UTC
While the default mode of 0666 guarantees maximum compatibility, it can become a security hazard in the case of new, unknown device names.
An example is device-mapper entries created by lvm2 in the mapper/ subdir. Those are not handled by the default version of udev.permissions, and so are readable and writable for everyone.
While this can be fixed by adding "mapper/*:root:disk:660" to udev.permissions, similar problems might occur in the future.

You should really reconsider if a default mode of 0666 is acceptable.

Reproducible: Always
Steps to Reproduce:
1. create lvm2 volumes
2. use udev


Actual Results:  
nodes are set to root:root:0666 

Expected Results:  
nodes should be set to root:disk:0660
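
The fall-through described in the report, as an added example that is not part of the original bug or of udev's own code: it resolves node names against rules in the `pattern:owner:group:mode` form quoted above and lists the nodes that land on a world-writable default. The sample rules and node names are constructed, and first-match-wins ordering, `#` comment lines and the 0600 alternative default are assumptions.

```python
from fnmatch import fnmatchcase

# Default as the report describes it: unmatched nodes become root:root 0666.
DEFAULT = ("root", "root", 0o666)

def parse_permissions(text):
    """Parse 'pattern:owner:group:mode' lines, skipping blanks and # comments."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        pattern, owner, group, mode = line.split(":")
        rules.append((pattern, owner, group, int(mode, 8)))
    return rules

def resolve(name, rules, default=DEFAULT):
    """Return (owner, group, mode, matched) for a node name relative to /dev.
    Assumption: the first matching pattern wins."""
    for pattern, owner, group, mode in rules:
        if fnmatchcase(name, pattern):
            return owner, group, mode, True
    return (*default, False)

def audit(names, rules, default=DEFAULT):
    """List nodes that match no rule and end up world-writable."""
    findings = []
    for name in names:
        _, _, mode, matched = resolve(name, rules, default)
        if not matched and mode & 0o002:
            findings.append(name)
    return findings

# Constructed sample data, not a copy of any shipped udev.permissions.
BEFORE = "hd*:root:disk:660\nsd*:root:disk:660\nnull:root:root:666\n"
AFTER = BEFORE + "mapper/*:root:disk:660\n"
NODES = ["hda1", "sdb", "null", "mapper/vg0-root", "mapper/control", "newdev0"]
TIGHT = ("root", "root", 0o600)  # hypothetical restrictive default

if __name__ == "__main__":
    print("before:     ", audit(NODES, parse_permissions(BEFORE)))
    print("rule added: ", audit(NODES, parse_permissions(AFTER)))
    print("tight default:", audit(NODES, parse_permissions(BEFORE), TIGHT))
```

Adding the `mapper/*` rule clears only the device-mapper nodes; the unknown `newdev0` still falls through, and only the restrictive default clears every unmatched name.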
Comment 1 Greg Kroah-Hartman (RETIRED) gentoo-dev 2004-06-07 15:35:14 UTC
Ok, I've checked this in.  If you remerge you will pick up the new config
file with the perms changed.