Re: dynamic /dev security hole?

From: Marc Ballarin
Date: Sun Aug 08 2004 - 17:04:53 EST


On Sun, 8 Aug 2004 09:21:15 -0700
Greg KH <greg@xxxxxxxxx> wrote:

> Patches to the udev HOWTO and FAQ are always welcome.
>

How about this? The first part is a spelling fix.

(Resend, I hate "smart" features in software...)

--- udev-FAQ.orig 2004-08-08 18:42:03.639348944 +0200
+++ udev-FAQ 2004-08-08 23:14:07.895684768 +0200
@@ -23,7 +23,7 @@
- the former had stayed around for many months with maintainer
claiming that everything works fine
- the latter had stayed, period.
- - the devfs maintainer/author disappeared and stoped maintaining
+ - the devfs maintainer/author disappeared and stopped maintaining
the code.

Q: But udev will not automatically load a driver if a /dev node is opened
@@ -98,6 +98,19 @@
And don't have to be root but will get full permissions on /pendrive.
This works even without udev if /udev/pendrive is replaced by /dev/sda1

+Q: Are there any security issues that I should be aware of?
+A: When using dynamic device numbers, a given pair of major/minor numbers may
+ point to different hardware over time. If a user has permission to access a
+ specific device node directly and is able to create hard links to this node,
+ he or she can do so to create a copy of the device node. When the device is
+ unplugged and udev removes the device node, the user's copy remains.
+ If the device node is later recreated with different permissions the hard
+ link can still be used to access the device using the old permissions.
+ (The same problem exists when using PAM to change permissions on login.)
+
+ The simplest solution is to prevent the creation of hard links by putting
+ /dev in a separate filesystem (tmpfs, ramfs, ...).
+
Q: I have other questions about udev, where do I ask them?
A: The linux-hotplug-devel mailing list is the proper place for it. The
address for it is linux-hotplug-devel@xxxxxxxxxxxxxxxxxxxxx
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/