Package: udev
Version: 0.105-4
Severity: critical
Tags: security
Justification: root security hole
This is a follow-up to closed bug report #404927. The group problem is not yet fixed. The rule:

SUBSYSTEM=="block", ATTRS{removable}=="1", \
        DRIVERS!="aacraid", GROUP="floppy"

in permissions.rules still results in group 'floppy'. I'm not sure why. I don't know if this is a udev bug or a permissions.rules bug, but I suggest changing the rules to either:

# the aacraid driver is broken and reports that disks are removable (see #404927)
SUBSYSTEM=="block", DRIVERS=="aacraid", GROUP:="disk"
SUBSYSTEM=="block", ATTRS{removable}=="1", GROUP="floppy"

or:

# the aacraid driver is broken and reports that disks are removable (see #404927)
SUBSYSTEM=="block", ATTRS{removable}=="1", GROUP="floppy"
SUBSYSTEM=="block", DRIVERS=="aacraid", GROUP="disk"

Perhaps the second should be preferred to allow further modifications. If the "ATTRS{removable}" check is not removed, the rule will not apply to partitions of the disk (I've checked it).

Either way, since in many systems there is at least one user that belongs to group 'floppy' by default, this is a security issue that concerns the stable release too. A user that belongs to group floppy can easily become root by (for example) "editing" /dev/sda and modifying the shadow file. Since we're talking about aacraid devices, the affected machines most probably will be servers.
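The difference between the two proposed rule sets comes down to udev's assignment operators: rules are evaluated in file order, a plain GROUP= assignment can be changed by any later rule, while GROUP:= is final and blocks later changes. The following is a small model of that behaviour, added here as an example; it is not udev's code and is not part of the bug report. It parses the two replacement rule sets quoted above, runs them over three constructed sample devices (an "aacraid" disk that wrongly reports removable=1, an ordinary internal disk, and a USB stick) and then appends a hypothetical later rule that puts aacraid disks into a made-up group "raidadm". The device names, driver names, the "raidadm" rule and the default group "disk" (standing in for an earlier catch-all rule) are all assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Simplified model of udev rule evaluation (added example, not udev's own code).
# Modelled keys: SUBSYSTEM, DRIVERS, ATTRS{..} (match) and GROUP (assign);
# modelled operators: ==, !=, = and :=.
KEY_RE = re.compile(r'(\w+)(?:\{([^}]*)\})?\s*(==|!=|:=|=)\s*"([^"]*)"')


@dataclass
class Device:
    """A device as udev sees it in sysfs, with an optional parent chain."""
    name: str
    subsystem: str
    attrs: dict = field(default_factory=dict)
    driver: Optional[str] = None
    parent: Optional["Device"] = None


def parse_rules(text):
    """Rule text -> [(match_keys, assign_keys)], honouring '\\' continuations and '#' comments."""
    rules = []
    for line in text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        matches, assigns = [], []
        for key, arg, op, val in KEY_RE.findall(line):
            if op in ("==", "!="):
                matches.append((key, arg, op, val))
            else:
                assigns.append((key, op, val))
        rules.append((matches, assigns))
    return rules


def lookup(dev, key, arg):
    """DRIVERS and ATTRS{} search the device and its parents; a value found nowhere compares as ''."""
    if key == "SUBSYSTEM":
        return dev.subsystem
    d = dev
    while d is not None:
        if key == "DRIVERS" and d.driver is not None:
            return d.driver
        if key == "ATTRS" and arg in d.attrs:
            return d.attrs[arg]
        d = d.parent
    return ""


def group_for(rules, dev, default_group="disk"):
    """Evaluate rules in order: '=' may be changed by a later rule, ':=' is final."""
    values = {"GROUP": default_group}   # assumption: an earlier catch-all rule set this
    final = set()
    for matches, assigns in rules:
        if all((lookup(dev, k, a) == v) == (op == "==") for k, a, op, v in matches):
            for key, op, val in assigns:
                if key not in final:
                    values[key] = val
                    if op == ":=":
                        final.add(key)
    return values["GROUP"]


def evaluate(rules_text, devices):
    """Map each device name to the group the given rules text assigns it."""
    rules = parse_rules(rules_text)
    return {dev.name: group_for(rules, dev) for dev in devices}


# The two replacement rule sets proposed in the report, verbatim.
VARIANT_1 = '''
# the aacraid driver is broken and reports that disks are removable (see #404927)
SUBSYSTEM=="block", DRIVERS=="aacraid", GROUP:="disk"
SUBSYSTEM=="block", ATTRS{removable}=="1", GROUP="floppy"
'''
VARIANT_2 = '''
# the aacraid driver is broken and reports that disks are removable (see #404927)
SUBSYSTEM=="block", ATTRS{removable}=="1", GROUP="floppy"
SUBSYSTEM=="block", DRIVERS=="aacraid", GROUP="disk"
'''
# Hypothetical local rule an admin might add in a later rules file.
LATER_OVERRIDE = 'SUBSYSTEM=="block", DRIVERS=="aacraid", GROUP="raidadm"\n'

# Constructed sample devices (made-up names and bus addresses): the aacraid
# controller wrongly reports its disk as removable, the other two are normal.
SAMPLE_DEVICES = [
    Device("sda", "block", {"removable": "1"},
           parent=Device("0000:02:01.0", "pci", driver="aacraid")),
    Device("sdb", "block", {"removable": "0"},
           parent=Device("0000:00:1f.2", "pci", driver="ahci")),
    Device("sdc", "block", {"removable": "1"},
           parent=Device("1-1:1.0", "usb", driver="usb-storage")),
]

if __name__ == "__main__":
    for label, text in (("variant 1", VARIANT_1), ("variant 2", VARIANT_2)):
        print(label, evaluate(text, SAMPLE_DEVICES))
        print(label, "+ later rule", evaluate(text + LATER_OVERRIDE, SAMPLE_DEVICES))
```

Both variants give the aacraid disk group disk and the USB stick group floppy. They differ once a later rule is added: under variant 1 the GROUP:= assignment is final and the later rule is ignored, under variant 2 the later rule takes effect, which is the "further modifications" point made above.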
-- Package-specific info:
-- /etc/udev/rules.d/:
/etc/udev/rules.d/:
total 8
lrwxrwxrwx 1 root root  20 2007-09-07 19:33 020_permissions.rules -> ../permissions.rules
lrwxrwxrwx 1 root root  13 2007-09-07 19:33 udev.rules -> ../udev.rules
lrwxrwxrwx 1 root root  25 2007-09-07 19:33 z20_persistent-input.rules -> ../persistent-input.rules
lrwxrwxrwx 1 root root  19 2007-09-07 19:33 z20_persistent.rules -> ../persistent.rules
-rw-r--r-- 1 root root 610 2007-09-07 20:03 z25_persistent-cd.rules
-rw-r--r-- 1 root root 498 2007-09-07 19:33 z25_persistent-net.rules
lrwxrwxrwx 1 root root  33 2007-09-07 19:33 z45_persistent-net-generator.rules -> ../persistent-net-generator.rules
lrwxrwxrwx 1 root root  12 2007-09-07 19:33 z50_run.rules -> ../run.rules
lrwxrwxrwx 1 root root  16 2007-09-07 19:33 z55_hotplug.rules -> ../hotplug.rules
lrwxrwxrwx 1 root root  29 2007-09-07 19:33 z75_cd-aliases-generator.rules -> ../cd-aliases-generator.rules

-- /sys/:
/sys/block/loop0/dev
/sys/block/loop1/dev
/sys/block/loop2/dev
/sys/block/loop3/dev
/sys/block/loop4/dev
/sys/block/loop5/dev
/sys/block/loop6/dev
/sys/block/loop7/dev
/sys/block/ram0/dev
/sys/block/ram10/dev
/sys/block/ram11/dev
/sys/block/ram12/dev
/sys/block/ram13/dev
/sys/block/ram14/dev
/sys/block/ram15/dev
/sys/block/ram1/dev
/sys/block/ram2/dev
/sys/block/ram3/dev
/sys/block/ram4/dev
/sys/block/ram5/dev
/sys/block/ram6/dev
/sys/block/ram7/dev
/sys/block/ram8/dev
/sys/block/ram9/dev
/sys/block/sda/dev
/sys/block/sda/sda1/dev
/sys/block/sda/sda2/dev
/sys/block/sda/sda5/dev
/sys/block/sda/sda6/dev
/sys/block/sda/sda7/dev
/sys/block/sdb/dev
/sys/block/sdb/sdb1/dev
/sys/block/sdb/sdb5/dev
/sys/block/sdb/sdb6/dev
/sys/block/sdb/sdb7/dev
/sys/block/sdb/sdb8/dev
/sys/block/sr0/dev
/sys/class/input/input0/event0/dev
/sys/class/input/input1/event1/dev
/sys/class/input/input1/mouse0/dev
/sys/class/input/input1/ts0/dev
/sys/class/input/input2/event2/dev
/sys/class/input/mice/dev
/sys/class/misc/device-mapper/dev
/sys/class/misc/hpet/dev
/sys/class/misc/mcelog/dev
/sys/class/misc/psaux/dev
/sys/class/misc/rtc/dev
/sys/class/misc/snapshot/dev
/sys/class/scsi_generic/sg0/dev
/sys/class/scsi_generic/sg1/dev
/sys/class/scsi_generic/sg2/dev
/sys/class/usb_device/usbdev1.1/dev
/sys/class/usb_device/usbdev2.1/dev
/sys/class/usb_device/usbdev2.2/dev
/sys/class/usb_device/usbdev3.1/dev
/sys/class/usb_device/usbdev4.1/dev
/sys/class/usb_device/usbdev5.1/dev
/sys/devices/pci0000:00/0000:00:1d.0/usb2/2-0:1.0/usbdev2.1_ep81/dev
/sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1:1.0/usbdev2.2_ep81/dev
/sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1:1.1/usbdev2.2_ep82/dev
/sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/usbdev2.2_ep00/dev
/sys/devices/pci0000:00/0000:00:1d.0/usb2/usbdev2.1_ep00/dev
/sys/devices/pci0000:00/0000:00:1d.1/usb3/3-0:1.0/usbdev3.1_ep81/dev
/sys/devices/pci0000:00/0000:00:1d.1/usb3/usbdev3.1_ep00/dev
/sys/devices/pci0000:00/0000:00:1d.2/usb4/4-0:1.0/usbdev4.1_ep81/dev
/sys/devices/pci0000:00/0000:00:1d.2/usb4/usbdev4.1_ep00/dev
/sys/devices/pci0000:00/0000:00:1d.3/usb5/5-0:1.0/usbdev5.1_ep81/dev
/sys/devices/pci0000:00/0000:00:1d.3/usb5/usbdev5.1_ep00/dev
/sys/devices/pci0000:00/0000:00:1d.7/usb1/1-0:1.0/usbdev1.1_ep81/dev
/sys/devices/pci0000:00/0000:00:1d.7/usb1/usbdev1.1_ep00/dev

-- Kernel configuration:
isapnp_init not present.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'testing')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-amd64
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages udev depends on:
ii  debconf [debconf-2.0]  1.5.11etch1        Debian configuration management sy
ii  libc6                  2.3.6.ds1-13etch4  GNU C Library: Shared libraries
ii  libselinux1            1.32-3             SELinux shared libraries
ii  libvolume-id0          0.105-4            libvolume_id shared library
ii  lsb-base               3.1-23.2etch1      Linux Standard Base 3.1 init scrip

udev recommends no packages.
-- debconf information:
  udev/new_kernel_needed: false
  udev/reboot_needed: