Bug#404927: marked as done (udev believes hardware raid devices are removable and sets the permissions to group floppy)

Debian Bug Tracking System Sun, 14 Feb 2010 17:30:06 -0800

Your message dated Mon, 15 Feb 2010 02:26:19 +0100
with message-id <[email protected]>
and subject line Re: udev believes hardware raid devices are removable and sets 
the permissions to group floppy
has caused the Debian Bug report #404927,
regarding udev believes hardware raid devices are removable and sets the 
permissions to group floppy
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
404927: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=404927
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: udev
Version: 0.103-1
Severity: critical
Tags: security
Justification: root security hole


Hi there,

  Just noticed that udev sets the group of the hard disks to 'floppy'
  making them r/w to this group (actually, tiger noticed it):

brw-rw----  1 root floppy 8,  0 Dec 29 11:25 /dev/sda
brw-rw----  1 root floppy 8,  1 Dec 29 11:25 /dev/sda1
brw-rw----  1 root floppy 8,  2 Dec 29 11:25 /dev/sda2
brw-rw----  1 root floppy 8,  5 Dec 29 11:25 /dev/sda5
brw-rw----  1 root floppy 8,  6 Dec 29 11:25 /dev/sda6
brw-rw----  1 root floppy 8, 16 Dec 29 11:25 /dev/sdb
brw-rw----  1 root floppy 8, 17 Dec 29 11:25 /dev/sdb1
brw-rw----  1 root floppy 8, 32 Dec 29 11:25 /dev/sdc
brw-rw----  1 root floppy 8, 33 Dec 29 11:25 /dev/sdc1
brw-rw----  1 root floppy 8, 48 Dec 29 11:25 /dev/sdd
brw-rw----  1 root floppy 8, 49 Dec 29 11:25 /dev/sdd1
brw-rw----  1 root floppy 8, 50 Dec 29 11:25 /dev/sdd2

  The machine has a hardware raid controller:

0000:02:01.0 RAID bus controller: Adaptec AAC-RAID (rev 01)

  udevinfo gives this:

  looking at device '/block/sda':
    KERNEL=="sda"
    SUBSYSTEM=="block"
    DRIVER==""
    ATTR{stat}=="    3560      800   197252    27816     2406     4639    56368 
  392728        0    31056   420544"
    ATTR{size}=="20971776"
    ATTR{removable}=="1"
    ATTR{range}=="16"
    ATTR{dev}=="8:0"

  looking at parent device 
'/devices/pci0000:00/0000:00:1c.0/0000:02:01.0/host0/target0:0:0/0:0:0:0':
    KERNELS=="0:0:0:0"
    SUBSYSTEMS=="scsi"
    DRIVERS=="sd"
    ATTRS{ioerr_cnt}=="0x0"
    ATTRS{iodone_cnt}=="0x1771"
    ATTRS{iorequest_cnt}=="0x1771"
    ATTRS{iocounterbits}=="32"
    ATTRS{timeout}=="30"
    ATTRS{state}=="running"
    ATTRS{rev}=="V1.0"
    ATTRS{model}=="linux           "
    ATTRS{vendor}=="Adaptec "
    ATTRS{scsi_level}=="3"
    ATTRS{type}=="0"
    ATTRS{queue_type}=="ordered"
    ATTRS{queue_depth}=="256"
    ATTRS{device_blocked}=="0"

  looking at parent device 
'/devices/pci0000:00/0000:00:1c.0/0000:02:01.0/host0/target0:0:0':
    KERNELS=="target0:0:0"
    SUBSYSTEMS==""
    DRIVERS==""

  looking at parent device 
'/devices/pci0000:00/0000:00:1c.0/0000:02:01.0/host0':
    KERNELS=="host0"
    SUBSYSTEMS==""
    DRIVERS==""
  looking at parent device '/devices/pci0000:00/0000:00:1c.0/0000:02:01.0':
    KERNELS=="0000:02:01.0"
    SUBSYSTEMS=="pci"
    DRIVERS=="aacraid"
    ATTRS{broken_parity_status}=="0"
    ATTRS{enable}=="1"
    ATTRS{modalias}=="pci:v00009005d00000285sv00009005sd00000290bc01sc04i00"
    ATTRS{local_cpus}=="ff"
    ATTRS{irq}=="169"
    ATTRS{class}=="0x010400"
    ATTRS{subsystem_device}=="0x0290"
    ATTRS{subsystem_vendor}=="0x9005"
    ATTRS{device}=="0x0285"
    ATTRS{vendor}=="0x9005"

  looking at parent device '/devices/pci0000:00/0000:00:1c.0':
    KERNELS=="0000:00:1c.0"
    SUBSYSTEMS=="pci"
    DRIVERS==""
    ATTRS{broken_parity_status}=="0"
    ATTRS{enable}=="1"
    ATTRS{modalias}=="pci:v00008086d000025AEsv00000000sd00000000bc06sc04i00"
    ATTRS{local_cpus}=="ff"
    ATTRS{irq}=="0"
    ATTRS{class}=="0x060400"
    ATTRS{subsystem_device}=="0x0000"
    ATTRS{subsystem_vendor}=="0x0000"
    ATTRS{device}=="0x25ae"
    ATTRS{vendor}=="0x8086"

  looking at parent device '/devices/pci0000:00':
    KERNELS=="pci0000:00"
    SUBSYSTEMS==""
    DRIVERS==""

  Notice the 'aacraid' and 'adaptec' values that identify the hardware
  raid controller and the 'removable flag. I believe that this is not
  a misconfiguration of me and I don't have access to another machine
  with a hardware raid controller to test it there.

  I've classified this as a serious security hole, since the first user
  that is created when installing debian is in group 'floopy' and thus
  he may get superuser privileges in many ways and cause total data
  loss.

  Thanks in advance...

-- Package-specific info:
-- /etc/udev/rules.d/:
/etc/udev/rules.d/:
total 4
lrwxrwxrwx  1 root root  20 2006-02-03 14:43 020_permissions.rules -> 
../permissions.rules
lrwxrwxrwx  1 root root  13 2006-02-03 14:43 udev.rules -> ../udev.rules
lrwxrwxrwx  1 root root  25 2006-04-16 12:47 z20_persistent-input.rules -> 
../persistent-input.rules
lrwxrwxrwx  1 root root  19 2006-02-03 14:43 z20_persistent.rules -> 
../persistent.rules
-rw-r--r--  1 root root 605 2006-09-20 20:36 z25_persistent-net.rules
lrwxrwxrwx  1 root root  33 2006-05-28 15:54 z45_persistent-net-generator.rules 
-> ../persistent-net-generator.rules
lrwxrwxrwx  1 root root  12 2006-02-03 14:43 z50_run.rules -> ../run.rules
lrwxrwxrwx  1 root root  16 2006-02-03 14:43 z55_hotplug.rules -> 
../hotplug.rules
lrwxrwxrwx  1 root root  29 2006-09-20 20:36 z75_cd-aliases-generator.rules -> 
../cd-aliases-generator.rules

-- /sys/:
/sys/block/ram0/dev
/sys/block/ram10/dev
/sys/block/ram11/dev
/sys/block/ram12/dev
/sys/block/ram13/dev
/sys/block/ram14/dev
/sys/block/ram15/dev
/sys/block/ram1/dev
/sys/block/ram2/dev
/sys/block/ram3/dev
/sys/block/ram4/dev
/sys/block/ram5/dev
/sys/block/ram6/dev
/sys/block/ram7/dev
/sys/block/ram8/dev
/sys/block/ram9/dev
/sys/block/sda/dev
/sys/block/sda/sda1/dev
/sys/block/sda/sda2/dev
/sys/block/sda/sda5/dev
/sys/block/sda/sda6/dev
/sys/block/sdb/dev
/sys/block/sdb/sdb1/dev
/sys/block/sdc/dev
/sys/block/sdc/sdc1/dev
/sys/block/sdd/dev
/sys/block/sdd/sdd1/dev
/sys/block/sdd/sdd2/dev
/sys/class/graphics/fb0/dev
/sys/class/i2c-dev/i2c-0/dev
/sys/class/input/input0/event0/dev
/sys/class/input/input1/event1/dev
/sys/class/input/input2/event2/dev
/sys/class/input/input2/mouse0/dev
/sys/class/input/input2/ts0/dev
/sys/class/input/mice/dev
/sys/class/misc/hpet/dev
/sys/class/misc/psaux/dev
/sys/class/misc/snapshot/dev
/sys/class/misc/watchdog/dev
/sys/class/usb_device/usbdev1.1/dev
/sys/class/usb_device/usbdev2.1/dev
/sys/class/usb_device/usbdev3.1/dev
/sys/devices/pci0000:00/0000:00:1d.0/usb2/2-0:1.0/usbdev2.1_ep81/dev
/sys/devices/pci0000:00/0000:00:1d.0/usb2/usbdev2.1_ep00/dev
/sys/devices/pci0000:00/0000:00:1d.1/usb3/3-0:1.0/usbdev3.1_ep81/dev
/sys/devices/pci0000:00/0000:00:1d.1/usb3/usbdev3.1_ep00/dev
/sys/devices/pci0000:00/0000:00:1d.7/usb1/1-0:1.0/usbdev1.1_ep81/dev
/sys/devices/pci0000:00/0000:00:1d.7/usb1/usbdev1.1_ep00/dev

-- Kernel configuration:


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.18-3-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages udev depends on:
ii  debconf [debconf-2.0]        1.4.30.13   Debian configuration management sy
ii  libc6                        2.3.6.ds1-8 GNU C Library: Shared libraries
ii  libselinux1                  1.32-3      SELinux shared libraries
ii  libvolume-id0                0.103-1     libvolume_id shared library
ii  lsb-base                     3.1-22      Linux Standard Base 3.1 init scrip

-- debconf information:
  udev/new_kernel_needed: false
  udev/reboot_needed:

--- End Message ---

--- Begin Message ---

On Fri, Dec 29, 2006 at 11:51:41AM +0200, Stefanos Harhalakis wrote:
> Package: udev
> Version: 0.103-1
> Severity: critical
> Tags: security
> Justification: root security hole
> 
> 
> Hi there,
> 
>   Just noticed that udev sets the group of the hard disks to 'floppy'
>   making them r/w to this group (actually, tiger noticed it):
> 
> brw-rw----  1 root floppy 8,  0 Dec 29 11:25 /dev/sda
> brw-rw----  1 root floppy 8,  1 Dec 29 11:25 /dev/sda1
> brw-rw----  1 root floppy 8,  2 Dec 29 11:25 /dev/sda2
> brw-rw----  1 root floppy 8,  5 Dec 29 11:25 /dev/sda5
> brw-rw----  1 root floppy 8,  6 Dec 29 11:25 /dev/sda6
> brw-rw----  1 root floppy 8, 16 Dec 29 11:25 /dev/sdb
> brw-rw----  1 root floppy 8, 17 Dec 29 11:25 /dev/sdb1
> brw-rw----  1 root floppy 8, 32 Dec 29 11:25 /dev/sdc
> brw-rw----  1 root floppy 8, 33 Dec 29 11:25 /dev/sdc1
> brw-rw----  1 root floppy 8, 48 Dec 29 11:25 /dev/sdd
> brw-rw----  1 root floppy 8, 49 Dec 29 11:25 /dev/sdd1
> brw-rw----  1 root floppy 8, 50 Dec 29 11:25 /dev/sdd2
> 
>   The machine has a hardware raid controller:

This was fixed in udev for Lenny in a point update and shouldn't occur 
with recent kernels any longer.

Please reopen if you can still reproduce the error with a current setup.

Cheers,
        Moritz

--- End Message ---

Bug#404927: marked as done (udev believes hardware raid devices are removable and sets the permissions to group floppy)

Reply via email to