From: Marc Ballarin <Ballarin.Marc@gmx.de>
To: Albert Cahalan <albert@users.sf.net>
Cc: linux-kernel@vger.kernel.org, greg@kroah.com
Subject: Re: dynamic /dev security hole?
Date: Sun, 8 Aug 2004 17:58:34 +0200 [thread overview]
Message-ID: <20040808175834.59758fc0.Ballarin.Marc@gmx.de> (raw)
In-Reply-To: <1091969260.5759.125.camel@cube>
On 08 Aug 2004 08:47:40 -0400
Albert Cahalan <albert@users.sf.net> wrote:
> Suppose I have access to a device, for whatever legit
> reason. Maybe I'm given access to a USB key with
> some particular serial number.
>
> I hard link this to somewhere else. Never mind that an
> admin could in theory use 42 separate partitions and
> mount most of the system with the "nodev" option. This
> is rarely done.
>
> Now the device is removed. The /dev entry goes away.
> A new device is added, and it gets the same device
> number as the device I had legit access to. Hmmm?
This would require (1) /dev to be inside the root filesystem and (2) users
having write access somewhere in that filesystem.
(1) is uncommon, often a separate filesystem is used for udev
(2) is very bad practice anyway and should never be seen on a true
multi-user machine
Besides, this is nothing new. Dynamic permission updates through PAM have
the same issue, and anyone calling themselves "admin" should be well aware
of those issues. This is basic Unix-security, after all.
Yet, this issue should probably mentioned in documentation. It certainly
should be mentioned in the udev-HOWTO.
Regards
next prev parent reply other threads:[~2004-08-08 15:56 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-08-08 12:47 dynamic /dev security hole? Albert Cahalan
2004-08-08 15:58 ` Marc Ballarin [this message]
2004-08-08 15:04 ` Albert Cahalan
2004-08-08 20:42 ` Greg KH
2004-08-08 16:21 ` Greg KH
2004-08-08 21:43 ` Marc Ballarin
2004-08-08 22:07 ` Marc Ballarin
2004-08-09 4:40 ` Eric Lammerts
2004-08-09 13:30 ` Michael Buesch
2004-08-09 13:19 ` Albert Cahalan
2004-08-09 16:54 ` Michael Buesch
2004-08-09 17:04 ` Eric Lammerts
2004-08-09 17:14 ` Michael Buesch
2004-08-10 0:21 ` Greg KH
2004-08-11 17:12 ` [RFC, PATCH] sys_revoke(), just a try. (was: Re: dynamic /dev security hole?) Michael Buesch
2004-08-12 16:49 ` Michael Buesch
2004-08-12 19:51 ` Alan Cox
2004-08-12 19:39 ` Albert Cahalan
2004-08-13 12:39 ` Michael Buesch
2004-08-09 14:49 ` dynamic /dev security hole? Alan Cox
2004-08-09 16:17 ` Eric Lammerts
2004-08-09 15:33 ` Alan Cox
2004-08-09 16:47 ` Eric Lammerts
2004-08-09 17:54 ` Alan Cox
2004-08-10 0:21 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040808175834.59758fc0.Ballarin.Marc@gmx.de \
--to=ballarin.marc@gmx.de \
--cc=albert@users.sf.net \
--cc=greg@kroah.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.