Your message dated Fri, 09 Dec 2022 19:52:58 +0000
with message-id <e1p3jqy-00dbnl...@fasolo.debian.org>
and subject line Bug#1024998: fixed in g810-led 0.4.2-1+deb11u1
has caused the Debian Bug report #1024998,
regarding g810-led: Security risk: Leaves /dev/input/event* with read and write 
permissions for all users (CVE-2022-46338)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1024998: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024998
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: g810-led
Version: 0.4.2-2.1
Severity: critical
Tags: patch upstream security
Justification: root security hole
X-Debbugs-Cc: xdru...@tinet.cat, Debian Security Team <t...@security.debian.org>

Dear Maintainer,

I hesitate to file as critical, but I came across a bug report in
upstream that looked serious enough since it would allow all local
processes to eavesdrop on keyboard input, including passwords, etc. I
haven't tried an exploit, but it seemed better to just restrict
/dev/input/event* permissions to those of other event dev files.

Without this patch, I can read /dev/input/event2 and /dev/input/event3 as a
normal user. I see bytes in /dev/input/event2 when typing as a normal
user and also when typing as root in another terminal (Konsole).
event3 only shows the characters typed by the normal user.

With the patch I can't read /dev/input/event* as a normal user.

And the bug is publicly reported upstream (some 10 days ago).

   * What led up to the situation?

Reviewing upstream bugs, found https://github.com/MatMoul/g810-led/issues/293

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

Nothing really. I wrote the patch, rebuilt, and observed the
permissions were fixed. My keyboard seems to work both with and
without the patch (needs a kernel with CONFIG_HIDRAW), when calling
g810-led as root. As normal user it doesn't work (both with or without
patch), due to no permission for /dev/hidraw2.

It should really be fixed upstream, but maybe it's worth fixing meanwhile
or removing the package temporarily?

-- System Information:
Debian Release: 11.5
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: arm64 (aarch64)

Kernel: Linux 5.19.4-gnu-eowyn21so-gc9d5f2140717-dirty (SMP w/6 CPU threads; 
PREEMPT)
Kernel taint flags: TAINT_CRAP
Locale: LANG=ca_ES.UTF-8, LC_CTYPE=ca_ES.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages g810-led depends on:
ii  libc6         2.31-13+deb11u4
ii  libg810-led0  0.4.2-2.1
ii  libgcc-s1     10.2.1-6
ii  libstdc++6    10.2.1-6

g810-led recommends no packages.

g810-led suggests no packages.

-- Configuration Files:
/etc/g810-led/profile changed [not included]

-- no debconf information

*** 
/home/xdrudis/g810-led/debian/patches/correct_permissions_in_event_device_files.patch
--- a/udev/g810-led.rules
+++ b/udev/g810-led.rules
@@ -1,25 +1,25 @@
-ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c336", MODE="666" RUN+="/usr/bin/g213-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c330", MODE="666" RUN+="/usr/bin/g410-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c33a", MODE="666" RUN+="/usr/bin/g413-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c342", MODE="666" RUN+="/usr/bin/g512-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c33c", MODE="666" RUN+="/usr/bin/g513-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c333", MODE="666" RUN+="/usr/bin/g610-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c338", MODE="666" RUN+="/usr/bin/g610-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c331", MODE="666" RUN+="/usr/bin/g810-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c337", MODE="666" RUN+="/usr/bin/g810-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c33f", MODE="666" RUN+="/usr/bin/g815-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c32b", MODE="666" RUN+="/usr/bin/g910-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c335", MODE="666" RUN+="/usr/bin/g910-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c339", MODE="666" RUN+="/usr/bin/gpro-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c336", MODE="666" RUN+="/usr/bin/g213-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c330", MODE="666" RUN+="/usr/bin/g410-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c33a", MODE="666" RUN+="/usr/bin/g413-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c342", MODE="666" RUN+="/usr/bin/g512-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c33c", MODE="666" RUN+="/usr/bin/g513-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c333", MODE="666" RUN+="/usr/bin/g610-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c338", MODE="666" RUN+="/usr/bin/g610-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c331", MODE="666" RUN+="/usr/bin/g810-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c337", MODE="666" RUN+="/usr/bin/g810-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c32b", MODE="666" RUN+="/usr/bin/g910-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c335", MODE="666" RUN+="/usr/bin/g910-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c339", MODE="666" RUN+="/usr/bin/gpro-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c336", MODE="660" RUN+="/usr/bin/g213-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c330", MODE="660" RUN+="/usr/bin/g410-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c33a", MODE="660" RUN+="/usr/bin/g413-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c342", MODE="660" RUN+="/usr/bin/g512-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c33c", MODE="660" RUN+="/usr/bin/g513-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c333", MODE="660" RUN+="/usr/bin/g610-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c338", MODE="660" RUN+="/usr/bin/g610-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c331", MODE="660" RUN+="/usr/bin/g810-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c337", MODE="660" RUN+="/usr/bin/g810-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c33f", MODE="660" RUN+="/usr/bin/g815-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c32b", MODE="660" RUN+="/usr/bin/g910-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c335", MODE="660" RUN+="/usr/bin/g910-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c339", MODE="660" RUN+="/usr/bin/gpro-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c336", MODE="660" RUN+="/usr/bin/g213-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c330", MODE="660" RUN+="/usr/bin/g410-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c33a", MODE="660" RUN+="/usr/bin/g413-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c342", MODE="660" RUN+="/usr/bin/g512-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c33c", MODE="660" RUN+="/usr/bin/g513-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c333", MODE="660" RUN+="/usr/bin/g610-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c338", MODE="660" RUN+="/usr/bin/g610-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c331", MODE="660" RUN+="/usr/bin/g810-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c337", MODE="660" RUN+="/usr/bin/g810-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c32b", MODE="660" RUN+="/usr/bin/g910-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c335", MODE="660" RUN+="/usr/bin/g910-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c339", MODE="660" RUN+="/usr/bin/gpro-led -p 
/etc/g810-led/profile"
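Review bot: MODE="660" with no GROUP= assignment leaves every matched node owned root:root, so this hunk does not restrict access to a trusted set of users, it removes it for everyone but root, and the g810-led tools can then only be run as root. Because the rules match on ATTRS{idVendor}/ATTRS{idProduct}, which udev walks up the parent chain, they apply to every child node of the keyboard, including /dev/input/event* and /dev/hidraw*; that is exactly why MODE="666" exposed keystrokes to all local users, and any replacement must cover the same set of nodes. The fix recorded in the changelog below uses uaccess instead (TAG+="uaccess"), which grants the logged-in seat user an ACL on the node while other local users get nothing; if a fixed group is preferred, pair MODE="660" with GROUP="plugdev" (or a dedicated group) rather than leaving the group at root. Separately, the two halves of the rule set differ only in SUBSYSTEMS=="usb" versus SUBSYSTEM=="usb" and could be consolidated into one set when the rules are revised.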

--- End Message ---
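The reporter's manual check (can a normal user read /dev/input/event* and /dev/hidraw*?) as an audit script; this is an added example, not part of the bug report or of the g810-led package, and it assumes GNU `stat` for the live walk while the mode-classification functions themselves take any octal mode string.

```bash
#!/bin/sh
# Audit helper for the exposure in CVE-2022-46338: udev MODE="666" on a keyboard's
# device nodes lets every local user read keystrokes. Added example, not project code.

# perm_exposed MODE: succeed (exit 0) when octal MODE grants read or write to "other".
perm_exposed() {
    other=$(( 0$1 & 07 ))      # lowest octal digit = permission bits for "other"
    [ $(( other & 06 )) -ne 0 ]
}

# classify_mode MODE: print world-rw, world-r, world-w or ok for the "other" bits.
classify_mode() {
    other=$(( 0$1 & 07 ))
    case $other in
        6|7) echo world-rw ;;
        4|5) echo world-r ;;
        2|3) echo world-w ;;
        *)   echo ok ;;
    esac
}

# audit_devices: walk the input and hidraw nodes present on this host and report
# every one that any local user could read or write. Succeeds only if none is exposed.
audit_devices() {
    found=0
    for dev in /dev/input/event* /dev/hidraw*; do
        [ -e "$dev" ] || continue                  # unexpanded glob: no such nodes
        mode=$(stat -c '%a' "$dev")
        if perm_exposed "$mode"; then
            printf 'EXPOSED %s mode=%s owner=%s (%s)\n' \
                "$dev" "$mode" "$(stat -c '%U:%G' "$dev")" "$(classify_mode "$mode")"
            found=1
        fi
    done
    [ "$found" -eq 0 ]
}

# Usage: sh audit_input_nodes.sh --run   (the functions above are usable on their own)
if [ "${1:-}" = "--run" ]; then
    audit_devices
fi
```

A node fixed with TAG+="uaccess", as the uploaded package does, grants the seat user an ACL that `stat %a` does not show (use `getfacl` to see it), and this check correctly reports it as ok because the mode bits no longer include "other".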
--- Begin Message ---
Source: g810-led
Source-Version: 0.4.2-1+deb11u1
Done: Stephen Kitt <sk...@debian.org>

We believe that the bug you reported is fixed in the latest version of
g810-led, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1024...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stephen Kitt <sk...@debian.org> (supplier of updated g810-led package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)



Format: 1.8
Date: Wed, 30 Nov 2022 08:24:25 +0100
Source: g810-led
Architecture: source
Version: 0.4.2-1+deb11u1
Distribution: bullseye
Urgency: medium
Maintainer: Stephen Kitt <sk...@debian.org>
Changed-By: Stephen Kitt <sk...@debian.org>
Closes: 1024998
Changes:
 g810-led (0.4.2-1+deb11u1) bullseye; urgency=medium
 .
   * Control device access with uaccess instead of making everything
     world-writable. Thanks to Xavi Drudis Ferran for the report!
     Closes:#1024998. (CVE-2022-46338.)


--- End Message ---
