Package: broadcom-sta-dkms
Version: 6.30.223.248-2
Severity: critical
Tags: security upstream

The wl module creates /proc/brcm_monitorN for each applicable device. At least with linux-image-3.16-0.bpo.2-amd64, reading from this file reliably sends my box into la-la land (symptoms are that CPU#2 is reported as stuck, and almost any process hangs). The file is mode 644, so this is possible for any local user.

I noted this with monotone, which tries to trawl /proc files in an (arguably mistaken) attempt to gather randomness. monotone offers a network service, which may be affected.

I can try reproduction with different kernels if it helps. What the file actually does is opaque to me.

An easy fix would be to remove world readability in lines 3305 and 3308 of src/wl/sys/wl_linux.c.
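
A check an administrator could run to see whether the proc entries described in this report are world-readable on a given machine. This is an added example, not part of the original report or of the driver. The function name `list_world_readable` is an assumption, and the function only stats the entries without ever opening them, since reading is what triggers the hang.

```shell
#!/bin/sh
# Added example: audit brcm_monitor* proc entries for world readability.
# Only stat(1) is used; the files are never opened or read.
# Requires GNU stat (coreutils), as shipped on Debian.

# list_world_readable [DIR]
#   Prints "<path> <octal-mode>" for every DIR/brcm_monitor* entry whose
#   permissions grant read access to "other". DIR defaults to /proc.
#   Returns 0 when no such entry exists, 1 when at least one was found.
list_world_readable() {
    dir=${1:-/proc}
    found=0
    for entry in "$dir"/brcm_monitor*; do
        # An unmatched glob is left as a literal pattern; skip it.
        [ -e "$entry" ] || continue
        mode=$(stat -c '%a' "$entry") || continue
        # Last octal digit of the mode holds the permissions for "other".
        other=${mode#"${mode%?}"}
        if [ $((other & 4)) -ne 0 ]; then
            printf '%s %s\n' "$entry" "$mode"
            found=1
        fi
    done
    return "$found"
}

# Usage: list_world_readable            (audits /proc)
#        list_world_readable /some/dir  (audits a copy or test tree)
```
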