Your message dated Sun, 9 Oct 2005 22:55:08 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Bug#332970: Default /dev/random permissions are world-writable
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Date: Sun, 09 Oct 2005 13:42:23 -0700
From: Josh Triplett <[EMAIL PROTECTED]>
Subject: Default /dev/random permissions are world-writable
Package: udev
Version: 0.70-3
Tags: security
From /etc/udev/permissions.rules:
KERNEL=="random", MODE="0666"
KERNEL=="urandom", MODE="0444"
However, from drivers/char/random.c in the Linux kernel:
struct file_operations random_fops = {
        .read = random_read,
        .write = random_write,
        .poll = random_poll,
        .ioctl = random_ioctl,
};
struct file_operations urandom_fops = {
        .read = urandom_read,
        .write = random_write,
        .ioctl = random_ioctl,
};
The write operations of random and urandom are the same. In both cases,
they allow adding data to the entropy pool. The permissions of both
devices should be 0644. Security tag added since this could
theoretically allow any user to control the generation of random numbers
for all users.
- Josh Triplett
---------------------------------------
Date: Sun, 9 Oct 2005 22:55:08 +0200
To: Josh Triplett <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: Bug#332970: Default /dev/random permissions are world-writable
From: [EMAIL PROTECTED] (Marco d'Itri)
On Oct 09, Josh Triplett <[EMAIL PROTECTED]> wrote:
> The write operations of random and urandom are the same. In both cases,
> they allow adding data to the entropy pool. The permissions of both
> devices should be 0644. Security tag added since this could
> theoretically allow any user to control the generation of random numbers
> for all users.
I am using the same permissions of /sbin/MAKEDEV and of the SuSE, Red
Hat and Gentoo packages. If you still believe that they should be
changed please provide a rationale from authoritative sources (like the
kernel driver maintainers).
-- 
ciao,
Marco
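
Added example, not part of the original bug report or of udev: a Python audit that parses rules in the syntax quoted in the report and lists the MODE each matching rule gives the random and urandom device nodes, plus a helper to read the mode of a live node. The sample rules are constructed, the 0644 baseline is the reporter's proposal rather than established policy, and fnmatch only approximates udev's pattern matching.

```python
import fnmatch
import os
import re
import stat

# Constructed sample in the rule syntax quoted in the report (not the real file).
SAMPLE_RULES = '''\
KERNEL=="random", MODE="0666"
KERNEL=="urandom", MODE="0444"
KERNEL=="tty[0-9]*", MODE="0620"
'''
PAIR = re.compile(r'(\w+)\s*(==|:=|\+=|=)\s*"([^"]*)"')
PROPOSED = 0o644  # the reporter's proposed mode; an assumption, not udev policy


def mode_rules(rules_text):
    """Yield (kernel_pattern, mode) for each rule line that carries MODE."""
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        keys = {k: v for k, _op, v in PAIR.findall(line)}
        if "KERNEL" in keys and "MODE" in keys:
            yield keys["KERNEL"], int(keys["MODE"], 8)


def audit(rules_text, devices=("random", "urandom")):
    """List (device, mode, world_writable, matches_proposed); precedence is not resolved."""
    findings = []
    for dev in devices:
        for pattern, mode in mode_rules(rules_text):
            if fnmatch.fnmatchcase(dev, pattern):  # approximates udev globbing
                findings.append((dev, format(mode, "04o"),
                                 bool(mode & stat.S_IWOTH), mode == PROPOSED))
    return findings


def live_mode(path):
    """Permission bits of an existing character device node, else None."""
    try:
        st = os.stat(path)
    except OSError:
        return None
    return stat.S_IMODE(st.st_mode) if stat.S_ISCHR(st.st_mode) else None


if __name__ == "__main__":
    print(audit(SAMPLE_RULES), live_mode("/dev/random"), live_mode("/dev/urandom"))
```

Comparing `audit()` output for the rules file with `live_mode()` for the node shows whether the running system matches what the rules say.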