Bug#405006: libgphoto2: mistake in udev rules gives permissions to non-gphoto2 devices
On Wed, Jan 17, 2007 at 01:17:32PM +0100, Frederic Peters wrote: Now, the package you've uploaded to unstable seems to offer an alternative fix, but I have some trouble understanding it so I'm still hesitant to accept it into etch. How does print-camera-list.c interface with udev to trigger calling check_ptp_camera? /etc/udev/rules.d/025_libghoto2.rules has this line: PROGRAM=check_ptp_camera 06/01/01, MODE=0660, GROUP=plugdev which will be called for every USB devices plugged in. Ah, so print-camera-list.c is used to generate the udev rules file, ok. That's what I needed to know, thanks. BTW, I'm pretty sure $( file) isn't POSIX sh, so check_ptp_camera shouldn't have /bin/sh listed as the interpreter. I'll have that fixed. Ok, I'm currently waiting on this fix before approving the update into etch; please let me know when I should review again. Thanks, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#405006: libgphoto2: mistake in udev rules gives permissions to non-gphoto2 devices
On Wed, Jan 17, 2007 at 01:00:42PM +0100, Nicolas George wrote: L'octidi 28 nivôse, an CCXV, Steve Langasek a écrit : I'm actually fairly disinclined to accept this change for etch since as you mention it is a regression, and moreover I haven't heard anything back from the bug submitter about what actually gets broken on his system with this bug since it works for me. I did answer to that, you probably missed it: if affects the raw USB devices in /dev/bus/usb/, which can be used with lubusb. Ah, sure enough, sorry for missing this. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/
Bug#405006: libgphoto2: mistake in udev rules gives permissions to non-gphoto2 devices
L'octidi 28 nivôse, an CCXV, Steve Langasek a écrit : I'm actually fairly disinclined to accept this change for etch since as you mention it is a regression, and moreover I haven't heard anything back from the bug submitter about what actually gets broken on his system with this bug since it works for me. I did answer to that, you probably missed it: if affects the raw USB devices in /dev/bus/usb/, which can be used with lubusb. By the way, I do not understand why Frederic Peters told that putting two equal signs doesn't work: it seems to work fine here. Regards, -- Nicolas George signature.asc Description: Digital signature
Bug#405006: libgphoto2: mistake in udev rules gives permissions to non-gphoto2 devices
Hi Frederic, On Fri, Jan 12, 2007 at 04:30:21PM +0100, Frederic Peters wrote: Package: libgphoto2-2 Version: 2.2.1-12 Severity: grave Tags: security In /etc/udev/libgphoto2_generic_ptp_support.rules, there is the following rule: ACTION==add, SUBSYSTEM==usb_device, ENV{INTERFACE}=6/1/1, \ PROGRAM=/bin/sh -c 'K=%k; K=$${K#usbdev}; printf bus/usb/%%03i/%%03i $${K.*} $${K#*.}', \ NAME=%c, MODE=0660, GROUP=plugdev The single = sign after ENV{INTERFACE} means that the INTERFACE environment variable is set, not queried. The result is that all USB devices, and not only the PTP ones, are set to the plugdev group, thus giving some users access to devices they should not have access to. Suggested fix: put two equals signs Sorry I could not handle this earlier. Unfortunately putting two equal signs doesn't work. Unfortunately while I thought I finally managed to get a udev rule working for generic PTP cameras, it appears it is broken and I can only suggest I remove it. This will be a regression with regards to Sarge where hotplug was used but I can't see any other mean. vorlon: would such an upload have chances to get into etch ? I'm actually fairly disinclined to accept this change for etch since as you mention it is a regression, and moreover I haven't heard anything back from the bug submitter about what actually gets broken on his system with this bug since it works for me. Now, the package you've uploaded to unstable seems to offer an alternative fix, but I have some trouble understanding it so I'm still hesitant to accept it into etch. How does print-camera-list.c interface with udev to trigger calling check_ptp_camera? Anyway, without an explanation of what devices will actually be affected by this bug in practice, I'm inclined to downgrade the bug; that doesn't mean your bugfix won't be accepted in etch, but of course it would make doing so a lower priority, and weight the risk of regressions more heavily. BTW, I'm pretty sure $( file) isn't POSIX sh, so check_ptp_camera shouldn't have /bin/sh listed as the interpreter. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#405006: libgphoto2: mistake in udev rules gives permissions to non-gphoto2 devices
Nicolas George wrote: L'octidi 28 nivôse, an CCXV, Steve Langasek a écrit : I'm actually fairly disinclined to accept this change for etch since as you mention it is a regression, and moreover I haven't heard anything back from the bug submitter about what actually gets broken on his system with this bug since it works for me. I did answer to that, you probably missed it: if affects the raw USB devices in /dev/bus/usb/, which can be used with lubusb. By the way, I do not understand why Frederic Peters told that putting two equal signs doesn't work: it seems to work fine here. It doesn't set appropriate group for devices which are PTP cameras but not explicitely known by libgphoto2. Frederic -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#405006: libgphoto2: mistake in udev rules gives permissions to non-gphoto2 devices
Steve Langasek wrote: Now, the package you've uploaded to unstable seems to offer an alternative fix, but I have some trouble understanding it so I'm still hesitant to accept it into etch. How does print-camera-list.c interface with udev to trigger calling check_ptp_camera? /etc/udev/rules.d/025_libghoto2.rules has this line: PROGRAM=check_ptp_camera 06/01/01, MODE=0660, GROUP=plugdev which will be called for every USB devices plugged in. This script will return 0 if the device has a camera PTP interface and udev would then give the appropriate group. It is part of upstream 2.3.1 release and has been tested by Marcus Meissner for SuSE and Martin Pitt for Ubuntu. Anyway, without an explanation of what devices will actually be affected by this bug in practice, I'm inclined to downgrade the bug; that doesn't mean your bugfix won't be accepted in etch, but of course it would make doing so a lower priority, and weight the risk of regressions more heavily. I believe things such as crypto USB devices would be affected by the bug. BTW, I'm pretty sure $( file) isn't POSIX sh, so check_ptp_camera shouldn't have /bin/sh listed as the interpreter. I'll have that fixed. Regards, Frederic -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#405006: libgphoto2: mistake in udev rules gives permissions to non-gphoto2 devices
L'octidi 28 nivôse, an CCXV, Frederic Peters a écrit : I believe things such as crypto USB devices would be affected by the bug. I do not understand what you call a crypto USB device. On the computer I discovered the bug, I had write access to the raw devices corresponding to the printer and the memory card reader. Regards, -- Nicolas George signature.asc Description: Digital signature
Bug#405006: libgphoto2: mistake in udev rules gives permissions to non-gphoto2 devices
L'octidi 28 nivôse, an CCXV, Frederic Peters a écrit : It doesn't set appropriate group for devices which are PTP cameras but not explicitely known by libgphoto2. That would be a problem, indeed. I do not have any of those myself, so I can not test. But I use the following rule for udev: $ cat /etc/udev/rules.d/000_log.rules PROGRAM=/bin/sh -c '{ date; env; echo; } /dev/hotplug.log 21' (having a log file in /dev is quite ugly, but it is the only filesystem that I know will always be mounted read-write before udev starts doing its work) With that, you can easily look if $INTERFACE is really what you expect it to be. Regards, -- Nicolas George signature.asc Description: Digital signature
Bug#405006: libgphoto2: mistake in udev rules gives permissions to non-gphoto2 devices
Nicolas George wrote: L'octidi 28 nivôse, an CCXV, Frederic Peters a écrit : I believe things such as crypto USB devices would be affected by the bug. I do not understand what you call a crypto USB device. On the computer I discovered the bug, I had write access to the raw devices corresponding to the printer and the memory card reader. I was thinking about one of those: http://www.cryptoflex.com/Products/connect_egate.html Frederic -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#405006: libgphoto2: mistake in udev rules gives permissions to non-gphoto2 devices
Nicolas George wrote: Package: libgphoto2-2 Version: 2.2.1-12 Severity: grave Tags: security In /etc/udev/libgphoto2_generic_ptp_support.rules, there is the following rule: ACTION==add, SUBSYSTEM==usb_device, ENV{INTERFACE}=6/1/1, \ PROGRAM=/bin/sh -c 'K=%k; K=$${K#usbdev}; printf bus/usb/%%03i/%%03i $${K.*} $${K#*.}', \ NAME=%c, MODE=0660, GROUP=plugdev The single = sign after ENV{INTERFACE} means that the INTERFACE environment variable is set, not queried. The result is that all USB devices, and not only the PTP ones, are set to the plugdev group, thus giving some users access to devices they should not have access to. Suggested fix: put two equals signs Sorry I could not handle this earlier. Unfortunately putting two equal signs doesn't work. Unfortunately while I thought I finally managed to get a udev rule working for generic PTP cameras, it appears it is broken and I can only suggest I remove it. This will be a regression with regards to Sarge where hotplug was used but I can't see any other mean. vorlon: would such an upload have chances to get into etch ? Regards, Frederic -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#405006: libgphoto2: mistake in udev rules gives permissions to non-gphoto2 devices
Package: libgphoto2-2 Version: 2.2.1-12 Severity: grave Tags: security In /etc/udev/libgphoto2_generic_ptp_support.rules, there is the following rule: ACTION==add, SUBSYSTEM==usb_device, ENV{INTERFACE}=6/1/1, \ PROGRAM=/bin/sh -c 'K=%k; K=$${K#usbdev}; printf bus/usb/%%03i/%%03i $${K.*} $${K#*.}', \ NAME=%c, MODE=0660, GROUP=plugdev The single = sign after ENV{INTERFACE} means that the INTERFACE environment variable is set, not queried. The result is that all USB devices, and not only the PTP ones, are set to the plugdev group, thus giving some users access to devices they should not have access to. Suggested fix: put two equals signs Regards, -- Nicolas George Irrelevant system information: ii adduser 3.100 ii libc6 2.3.6.ds1-8 ii libexif12 0.6.13-5 ii libgphoto2-port0 2.2.1-12 ii libjpeg62 6b-13 ii libltdl3 1.5.22-4 ii udev 0.103-1 Linux hellroy 2.6.18-3-686 #1 SMP Mon Dec 4 16:41:14 UTC 2006 i686 GNU/Linux signature.asc Description: Digital signature
Bug#405006: libgphoto2: mistake in udev rules gives permissions to non-gphoto2 devices
On Sat, Dec 30, 2006 at 10:49:26AM +0100, Nicolas George wrote: Package: libgphoto2-2 Version: 2.2.1-12 Severity: grave Tags: security In /etc/udev/libgphoto2_generic_ptp_support.rules, there is the following rule: ACTION==add, SUBSYSTEM==usb_device, ENV{INTERFACE}=6/1/1, \ PROGRAM=/bin/sh -c 'K=%k; K=$${K#usbdev}; printf bus/usb/%%03i/%%03i $${K.*} $${K#*.}', \ NAME=%c, MODE=0660, GROUP=plugdev The single = sign after ENV{INTERFACE} means that the INTERFACE environment variable is set, not queried. The result is that all USB devices, and not only the PTP ones, are set to the plugdev group, thus giving some users access to devices they should not have access to. Suggested fix: put two equals signs Isn't the plugdev group empty by default? This is obviously a bug, but I'm not sure it qualifies as a grave security bug. For that matter, with which devices are you seeing this problem? After upgrading to this version of libgphoto2-2, plugging in a USB hard drive still gives me: brw-rw 1 root disk 8, 0 2006-12-30 15:30 /dev/sda brw-rw 1 root disk 8, 1 2006-12-30 15:30 /dev/sda1 What class of USB devices are ending up under group plugdev that shouldn't? -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#405006: libgphoto2: mistake in udev rules gives permissions to non-gphoto2 devices
Le decadi 10 nivôse, an CCXV, Steve Langasek a écrit : Isn't the plugdev group empty by default? This is obviously a bug, but I'm not sure it qualifies as a grave security bug. The administrator is encouraged to add to this group users that need to access cameras and similar devices. I believe this qualifies as a security risk: users that had no access to some resources now can access them, without the administrator knowing. The grave qualification is probably exaggerated, but I was under the impression that all security bugs should have it; maybe I was wrong; if so I am sorry. For that matter, with which devices are you seeing this problem? After upgrading to this version of libgphoto2-2, plugging in a USB hard drive still gives me: brw-rw 1 root disk 8, 0 2006-12-30 15:30 /dev/sda brw-rw 1 root disk 8, 1 2006-12-30 15:30 /dev/sda1 What class of USB devices are ending up under group plugdev that shouldn't? It concerns the raw USB devices, in /dev/bus/usb/, used by libusb for userland drivers. At the time where it was in /prob/bus/usb/, I believe only devices with no kernel driver were available there, but it seems no longer the case. In your example, you could probably have full access to the disk using a userland mass-storage driver (there is such a thing floating around on the web). Regards, -- Nicolas George signature.asc Description: Digital signature