Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 100116 - udev-063 sets bad permissions on disks
Summary: udev-063 sets bad permissions on disks
Status: RESOLVED DUPLICATE of bug 100115
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Default Configs (show other bugs)
Hardware: All Linux
: High critical (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-07-24 07:02 UTC by apache
Modified: 2005-07-24 07:04 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description apache 2005-07-24 07:02:26 UTC
udev sets permissions for partitions to root:root which is ok, but it sets
permissions for disks to root:disk. That means every ordinary user with group
disk can run commands like this:

cat /dev/hda /home/foobar/out.txt
dd if=/dev/zero of=/dev/hda

That should not be possible. If a program has a security hole and runs one of
this commands, it can damage the whole system without root permissions.

Problem is already discussed here:
http://forums.gentoo.org/viewtopic-p-2597592.html#2597592

Reproducible: Always
Steps to Reproduce:
Attention! Do not perform the following actions, just read it !

1. Login with a user in group disk
2. Run dd if=/dev/zero of=/dev/hda
3. Reinstall gentoo *g*
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-07-24 07:04:06 UTC

*** This bug has been marked as a duplicate of 100115 ***