-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package: udev Version: 208-7 Severity: critical
The newest version of udev generates /dev/stdout as plain file instead as symlink to /proc/self/fd/1 with every boot. (stderr and stdin are created correctly.) This is a security leak for some stuff and a problem for many tools especially security ones that explicitly handle stdout for some reasons. The content in that file directly after boot (you can find below) pointed out that it happens especially for udev itself. This bug affects the whole system. /dev/stdout file content: d /dev/cpu 0755 - - - c /dev/cpu/microcode 0600 - - - 10:184 c /dev/autofs 0600 - - - 10:235 c /dev/fuse 0600 - - - 10:229 c /dev/cuse 0600 - - - 10:203 c /dev/loop-control 0600 - - - 10:237 d /dev/net 0755 - - - c /dev/net/tun 0600 - - - 10:200 c /dev/ppp 0600 - - - 108:0 c /dev/uinput 0600 - - - 10:223 d /dev/mapper 0755 - - - c /dev/mapper/control 0600 - - - 10:236 c /dev/vhost-net 0600 - - - 10:238 - -- Package-specific info: - -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (800, 'unstable'), (110, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.15.6 (SMP w/8 CPU cores) Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1) (ignored: LC_ALL set to de_DE) Shell: /bin/sh linked to /bin/dash Versions of packages udev depends on: ii debconf [debconf-2.0] 1.5.53 ii libacl1 2.2.52-1 ii libblkid1 2.20.1-5.8 ii libc6 2.19-7 ii libkmod2 18-1 ii libselinux1 2.3-1 ii libudev1 208-7 ii lsb-base 4.1+Debian13 ii procps 1:3.3.9-7 ii util-linux 2.20.1-5.8 udev recommends no packages. udev suggests no packages. - -- debconf information: udev/title/upgrade: udev/sysfs_deprecated_incompatibility: udev/new_kernel_needed: false udev/reboot_needed: - -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <kl...@ethgen.de> Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQGcBAEBCgAGBQJT6Pi6AAoJEKZ8CrGAGfasZIoMAKzWK+7D1BzBxC5QefkinDwy O2DhvDT1UY15l6xqsoiqat2UP0xd0q9+NU6J2s2TlzZzdM5r26wMyhkpxl2/rhkL y95LmU4LhtTh9nNSqYhqLOtTatKaXU7Gg4c2hbJbaaV193fWD7qc+q6d21uvA23d xFe7t2dS81c+gNVw2Wj5PQ6FgemHFIbg/KvkUmhVjnavmQJ9ftG6BMzULdvcKEmz BWknPEADEskXLFeI09WJtg2cmns07cF0MlZWno633xnSkIyt0gOY4IyDVFLBacC2 Ngght+vdVWpTEDwvDJCRQKRgO4yze7Pt1LKPJ2Q9Fs2mrrPUNDliK904C7zX8clL B6NwnvpSQ5pQCEbgRczco92/IWGPNLKRkXtO76JN0c8sV1Qa7fyFvkdXvD1dtpE5 9XoNd32/qtJlwH+8RPCcfVgr1g9X+TJbgQP2vox4KXcU3pQu8hPMxbx2mYpnREyw a7eXNTK6sDdBtzdOb/wgBpQb7s/VLyDsX+gQY/i/aw== =mJf/ -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
