Re: dynamic /dev security hole?

From: Michael Buesch
Date: Mon Aug 09 2004 - 10:39:29 EST


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Quoting Eric Lammerts <eric@xxxxxxxxxxxx>:
> Just an idea for a fix for this problem: If udev would change the
> permissions to 000 and ownership to root.root just before it unlinks
> the device node, the copy would become useless.

Like this?
Only compile tested against glibc.


===== udev-remove.c 1.31 vs edited =====
- --- 1.31/udev-remove.c 2004-04-01 04:12:56 +02:00
+++ edited/udev-remove.c 2004-08-09 15:23:12 +02:00
@@ -79,6 +79,23 @@
strfieldcat(filename, dev->name);

info("removing device node '%s'", filename);
+ /* first remove all permissions on the device node.
+ * This fixes a security issue. If the user created
+ * a hard-link to the device node, he can't use this
+ * anymore, if we change permissions.
+ */
+ retval = chmod(filename, 0000);
+ if (retval) {
+ info("chmod(%s, 0000) failed with error '%s'",
+ filename, strerror(errno));
+ // we continue nevertheless.
+ }
+ retval = chown(filename, 0, 0);
+ if (retval) {
+ info("chown(%s, 0, 0) failed with error '%s'",
+ filename, strerror(errno));
+ // we continue nevertheless.
+ }
retval = unlink(filename);
if (errno == ENOENT)
retval = 0;

- --
Regards Michael Buesch [ http://www.tuxsoft.de.vu ]


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBF3yMFGK1OIvVOP4RArMrAJ0SvykBehCxPUYPLPIQuGRn3m5eHgCfShXs
e/S0iWzu/qTtDVb1+zp9LRo=
=UsXa
-----END PGP SIGNATURE-----
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/