This doesn't appear to affect systems running the 2.4.0test series kernels. I'm running 2.4.0-test10 and all it did was fill my screen with random colors .. I could just ctrl-c it and clear the screen. Doesn't seem like there is anything broken by doing chmod 600 /dev/fb*, but all I'm running is console and XF86 4.0 in DRI mode.
-Henry On Sun, 19 Nov 2000, Ethan Benson wrote: > > does anyone know why debian has /dev/fb* with 622 permissions? > > the reason i ask is there is a pretty nasty security problem with > this, try the following: > > cat /dev/urandom > /dev/fb0 > > on my system i get a instant kernel panic (2.2.17 from ftp.kernel.org). > since the framebuffer devices are world writable anyone with a shell > account can crash the system, not nice. (i have a blue G3 using > aty128fb) > > what is broken by setting the permissions on all the framebuffer > devices to 0600 ? > > -- > Ethan Benson > http://www.alaska.net/~erbenson/ >
