Package: udev
Version: 0.105-4
Severity: critical
Tags: security
Justification: root security hole
This is a follow-up to closed bug report #404927.
The group problem is not yet fixed. The rule:
SUBSYSTEM=="block", ATTRS{removable}=="1", \
DRIVERS!="aacraid", GROUP="floppy"
in permissions.rules still results in group 'floppy'. I'm not sure why.
I don't know if this is a udev bug or a permission.rules bug but I
suggest changing the rules to either:
# the aacraid driver is broken and reports that disks removable (see #404927)
SUBSYSTEM=="block", DRIVERS=="aacraid", GROUP:="disk"
SUBSYSTEM=="block", ATTRS{removable}=="1", GROUP="floppy"
or:
# the aacraid driver is broken and reports that disks removable (see #404927)
SUBSYSTEM=="block", ATTRS{removable}=="1", GROUP="floppy"
SUBSYSTEM=="block", DRIVERS=="aacraid", GROUP="disk"
Perhaps the second should be preferred to allow further modifications.
If the "ATTRS{removable}" check is not removed, the rule will not apply to
partitions of the disk (I've checked it).
Either way, since in many systems there is at least one user that belongs to
group 'floppy' by default, this is a security issue that concerns stable
release too. A user that belongs to group floppy can easily become root by
(for example) "editing" /dev/sda and modifying the shadow file. Since
we're talking about aacraid devices, the affected machines most probably
will by servers.
-- Package-specific info:
-- /etc/udev/rules.d/:
/etc/udev/rules.d/:
total 8
lrwxrwxrwx 1 root root 20 2007-09-07 19:33 020_permissions.rules ->
../permissions.rules
lrwxrwxrwx 1 root root 13 2007-09-07 19:33 udev.rules -> ../udev.rules
lrwxrwxrwx 1 root root 25 2007-09-07 19:33 z20_persistent-input.rules ->
../persistent-input.rules
lrwxrwxrwx 1 root root 19 2007-09-07 19:33 z20_persistent.rules ->
../persistent.rules
-rw-r--r-- 1 root root 610 2007-09-07 20:03 z25_persistent-cd.rules
-rw-r--r-- 1 root root 498 2007-09-07 19:33 z25_persistent-net.rules
lrwxrwxrwx 1 root root 33 2007-09-07 19:33 z45_persistent-net-generator.rules
-> ../persistent-net-generator.rules
lrwxrwxrwx 1 root root 12 2007-09-07 19:33 z50_run.rules -> ../run.rules
lrwxrwxrwx 1 root root 16 2007-09-07 19:33 z55_hotplug.rules ->
../hotplug.rules
lrwxrwxrwx 1 root root 29 2007-09-07 19:33 z75_cd-aliases-generator.rules ->
../cd-aliases-generator.rules
-- /sys/:
/sys/block/loop0/dev
/sys/block/loop1/dev
/sys/block/loop2/dev
/sys/block/loop3/dev
/sys/block/loop4/dev
/sys/block/loop5/dev
/sys/block/loop6/dev
/sys/block/loop7/dev
/sys/block/ram0/dev
/sys/block/ram10/dev
/sys/block/ram11/dev
/sys/block/ram12/dev
/sys/block/ram13/dev
/sys/block/ram14/dev
/sys/block/ram15/dev
/sys/block/ram1/dev
/sys/block/ram2/dev
/sys/block/ram3/dev
/sys/block/ram4/dev
/sys/block/ram5/dev
/sys/block/ram6/dev
/sys/block/ram7/dev
/sys/block/ram8/dev
/sys/block/ram9/dev
/sys/block/sda/dev
/sys/block/sda/sda1/dev
/sys/block/sda/sda2/dev
/sys/block/sda/sda5/dev
/sys/block/sda/sda6/dev
/sys/block/sda/sda7/dev
/sys/block/sdb/dev
/sys/block/sdb/sdb1/dev
/sys/block/sdb/sdb5/dev
/sys/block/sdb/sdb6/dev
/sys/block/sdb/sdb7/dev
/sys/block/sdb/sdb8/dev
/sys/block/sr0/dev
/sys/class/input/input0/event0/dev
/sys/class/input/input1/event1/dev
/sys/class/input/input1/mouse0/dev
/sys/class/input/input1/ts0/dev
/sys/class/input/input2/event2/dev
/sys/class/input/mice/dev
/sys/class/misc/device-mapper/dev
/sys/class/misc/hpet/dev
/sys/class/misc/mcelog/dev
/sys/class/misc/psaux/dev
/sys/class/misc/rtc/dev
/sys/class/misc/snapshot/dev
/sys/class/scsi_generic/sg0/dev
/sys/class/scsi_generic/sg1/dev
/sys/class/scsi_generic/sg2/dev
/sys/class/usb_device/usbdev1.1/dev
/sys/class/usb_device/usbdev2.1/dev
/sys/class/usb_device/usbdev2.2/dev
/sys/class/usb_device/usbdev3.1/dev
/sys/class/usb_device/usbdev4.1/dev
/sys/class/usb_device/usbdev5.1/dev
/sys/devices/pci0000:00/0000:00:1d.0/usb2/2-0:1.0/usbdev2.1_ep81/dev
/sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1:1.0/usbdev2.2_ep81/dev
/sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/2-1:1.1/usbdev2.2_ep82/dev
/sys/devices/pci0000:00/0000:00:1d.0/usb2/2-1/usbdev2.2_ep00/dev
/sys/devices/pci0000:00/0000:00:1d.0/usb2/usbdev2.1_ep00/dev
/sys/devices/pci0000:00/0000:00:1d.1/usb3/3-0:1.0/usbdev3.1_ep81/dev
/sys/devices/pci0000:00/0000:00:1d.1/usb3/usbdev3.1_ep00/dev
/sys/devices/pci0000:00/0000:00:1d.2/usb4/4-0:1.0/usbdev4.1_ep81/dev
/sys/devices/pci0000:00/0000:00:1d.2/usb4/usbdev4.1_ep00/dev
/sys/devices/pci0000:00/0000:00:1d.3/usb5/5-0:1.0/usbdev5.1_ep81/dev
/sys/devices/pci0000:00/0000:00:1d.3/usb5/usbdev5.1_ep00/dev
/sys/devices/pci0000:00/0000:00:1d.7/usb1/1-0:1.0/usbdev1.1_ep81/dev
/sys/devices/pci0000:00/0000:00:1d.7/usb1/usbdev1.1_ep00/dev
-- Kernel configuration:
isapnp_init not present.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (990, 'stable'), (500, 'testing')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-amd64
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages udev depends on:
ii debconf [debconf-2.0] 1.5.11etch1 Debian configuration management sy
ii libc6 2.3.6.ds1-13etch4 GNU C Library: Shared libraries
ii libselinux1 1.32-3 SELinux shared libraries
ii libvolume-id0 0.105-4 libvolume_id shared library
ii lsb-base 3.1-23.2etch1 Linux Standard Base 3.1 init scrip
udev recommends no packages.
-- debconf information:
udev/new_kernel_needed: false
udev/reboot_needed:
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
