Your message dated Tue, 27 Feb 2007 04:32:24 -0800
with message-id <[EMAIL PROTECTED]>
and subject line udev believes hardware raid devices are removable and sets the permissions to group floppy
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: udev
Version: 0.103-1
Severity: critical
Tags: security
Justification: root security hole


Hi there,

  Just noticed that udev sets the group of the hard disks to 'floppy'
  making them r/w to this group (actually, tiger noticed it):

brw-rw----  1 root floppy 8,  0 Dec 29 11:25 /dev/sda
brw-rw----  1 root floppy 8,  1 Dec 29 11:25 /dev/sda1
brw-rw----  1 root floppy 8,  2 Dec 29 11:25 /dev/sda2
brw-rw----  1 root floppy 8,  5 Dec 29 11:25 /dev/sda5
brw-rw----  1 root floppy 8,  6 Dec 29 11:25 /dev/sda6
brw-rw----  1 root floppy 8, 16 Dec 29 11:25 /dev/sdb
brw-rw----  1 root floppy 8, 17 Dec 29 11:25 /dev/sdb1
brw-rw----  1 root floppy 8, 32 Dec 29 11:25 /dev/sdc
brw-rw----  1 root floppy 8, 33 Dec 29 11:25 /dev/sdc1
brw-rw----  1 root floppy 8, 48 Dec 29 11:25 /dev/sdd
brw-rw----  1 root floppy 8, 49 Dec 29 11:25 /dev/sdd1
brw-rw----  1 root floppy 8, 50 Dec 29 11:25 /dev/sdd2

  The machine has a hardware raid controller:

0000:02:01.0 RAID bus controller: Adaptec AAC-RAID (rev 01)

  udevinfo gives this:

  looking at device '/block/sda':
    KERNEL=="sda"
    SUBSYSTEM=="block"
    DRIVER==""
    ATTR{stat}=="    3560      800   197252    27816     2406     4639    56368   392728        0    31056   420544"
    ATTR{size}=="20971776"
    ATTR{removable}=="1"
    ATTR{range}=="16"
    ATTR{dev}=="8:0"

  looking at parent device '/devices/pci0000:00/0000:00:1c.0/0000:02:01.0/host0/target0:0:0/0:0:0:0':
    KERNELS=="0:0:0:0"
    SUBSYSTEMS=="scsi"
    DRIVERS=="sd"
    ATTRS{ioerr_cnt}=="0x0"
    ATTRS{iodone_cnt}=="0x1771"
    ATTRS{iorequest_cnt}=="0x1771"
    ATTRS{iocounterbits}=="32"
    ATTRS{timeout}=="30"
    ATTRS{state}=="running"
    ATTRS{rev}=="V1.0"
    ATTRS{model}=="linux           "
    ATTRS{vendor}=="Adaptec "
    ATTRS{scsi_level}=="3"
    ATTRS{type}=="0"
    ATTRS{queue_type}=="ordered"
    ATTRS{queue_depth}=="256"
    ATTRS{device_blocked}=="0"

  looking at parent device '/devices/pci0000:00/0000:00:1c.0/0000:02:01.0/host0/target0:0:0':
    KERNELS=="target0:0:0"
    SUBSYSTEMS==""
    DRIVERS==""

  looking at parent device '/devices/pci0000:00/0000:00:1c.0/0000:02:01.0/host0':
    KERNELS=="host0"
    SUBSYSTEMS==""
    DRIVERS==""
  looking at parent device '/devices/pci0000:00/0000:00:1c.0/0000:02:01.0':
    KERNELS=="0000:02:01.0"
    SUBSYSTEMS=="pci"
    DRIVERS=="aacraid"
    ATTRS{broken_parity_status}=="0"
    ATTRS{enable}=="1"
    ATTRS{modalias}=="pci:v00009005d00000285sv00009005sd00000290bc01sc04i00"
    ATTRS{local_cpus}=="ff"
    ATTRS{irq}=="169"
    ATTRS{class}=="0x010400"
    ATTRS{subsystem_device}=="0x0290"
    ATTRS{subsystem_vendor}=="0x9005"
    ATTRS{device}=="0x0285"
    ATTRS{vendor}=="0x9005"

  looking at parent device '/devices/pci0000:00/0000:00:1c.0':
    KERNELS=="0000:00:1c.0"
    SUBSYSTEMS=="pci"
    DRIVERS==""
    ATTRS{broken_parity_status}=="0"
    ATTRS{enable}=="1"
    ATTRS{modalias}=="pci:v00008086d000025AEsv00000000sd00000000bc06sc04i00"
    ATTRS{local_cpus}=="ff"
    ATTRS{irq}=="0"
    ATTRS{class}=="0x060400"
    ATTRS{subsystem_device}=="0x0000"
    ATTRS{subsystem_vendor}=="0x0000"
    ATTRS{device}=="0x25ae"
    ATTRS{vendor}=="0x8086"

  looking at parent device '/devices/pci0000:00':
    KERNELS=="pci0000:00"
    SUBSYSTEMS==""
    DRIVERS==""

  Notice the 'aacraid' and 'adaptec' values that identify the hardware
  raid controller and the 'removable' flag. I believe that this is not
  a misconfiguration on my part, and I don't have access to another machine
  with a hardware raid controller to test it there.

  I've classified this as a serious security hole, since the first user
  that is created when installing debian is in group 'floppy' and thus
  he may get superuser privileges in many ways and cause total data
  loss.

  Thanks in advance...

-- Package-specific info:
-- /etc/udev/rules.d/:
/etc/udev/rules.d/:
total 4
lrwxrwxrwx  1 root root  20 2006-02-03 14:43 020_permissions.rules -> ../permissions.rules
lrwxrwxrwx  1 root root  13 2006-02-03 14:43 udev.rules -> ../udev.rules
lrwxrwxrwx  1 root root  25 2006-04-16 12:47 z20_persistent-input.rules -> ../persistent-input.rules
lrwxrwxrwx  1 root root  19 2006-02-03 14:43 z20_persistent.rules -> ../persistent.rules
-rw-r--r--  1 root root 605 2006-09-20 20:36 z25_persistent-net.rules
lrwxrwxrwx  1 root root  33 2006-05-28 15:54 z45_persistent-net-generator.rules -> ../persistent-net-generator.rules
lrwxrwxrwx  1 root root  12 2006-02-03 14:43 z50_run.rules -> ../run.rules
lrwxrwxrwx  1 root root  16 2006-02-03 14:43 z55_hotplug.rules -> ../hotplug.rules
lrwxrwxrwx  1 root root  29 2006-09-20 20:36 z75_cd-aliases-generator.rules -> ../cd-aliases-generator.rules

-- /sys/:
/sys/block/ram0/dev
/sys/block/ram10/dev
/sys/block/ram11/dev
/sys/block/ram12/dev
/sys/block/ram13/dev
/sys/block/ram14/dev
/sys/block/ram15/dev
/sys/block/ram1/dev
/sys/block/ram2/dev
/sys/block/ram3/dev
/sys/block/ram4/dev
/sys/block/ram5/dev
/sys/block/ram6/dev
/sys/block/ram7/dev
/sys/block/ram8/dev
/sys/block/ram9/dev
/sys/block/sda/dev
/sys/block/sda/sda1/dev
/sys/block/sda/sda2/dev
/sys/block/sda/sda5/dev
/sys/block/sda/sda6/dev
/sys/block/sdb/dev
/sys/block/sdb/sdb1/dev
/sys/block/sdc/dev
/sys/block/sdc/sdc1/dev
/sys/block/sdd/dev
/sys/block/sdd/sdd1/dev
/sys/block/sdd/sdd2/dev
/sys/class/graphics/fb0/dev
/sys/class/i2c-dev/i2c-0/dev
/sys/class/input/input0/event0/dev
/sys/class/input/input1/event1/dev
/sys/class/input/input2/event2/dev
/sys/class/input/input2/mouse0/dev
/sys/class/input/input2/ts0/dev
/sys/class/input/mice/dev
/sys/class/misc/hpet/dev
/sys/class/misc/psaux/dev
/sys/class/misc/snapshot/dev
/sys/class/misc/watchdog/dev
/sys/class/usb_device/usbdev1.1/dev
/sys/class/usb_device/usbdev2.1/dev
/sys/class/usb_device/usbdev3.1/dev
/sys/devices/pci0000:00/0000:00:1d.0/usb2/2-0:1.0/usbdev2.1_ep81/dev
/sys/devices/pci0000:00/0000:00:1d.0/usb2/usbdev2.1_ep00/dev
/sys/devices/pci0000:00/0000:00:1d.1/usb3/3-0:1.0/usbdev3.1_ep81/dev
/sys/devices/pci0000:00/0000:00:1d.1/usb3/usbdev3.1_ep00/dev
/sys/devices/pci0000:00/0000:00:1d.7/usb1/1-0:1.0/usbdev1.1_ep81/dev
/sys/devices/pci0000:00/0000:00:1d.7/usb1/usbdev1.1_ep00/dev

-- Kernel configuration:


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.18-3-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages udev depends on:
ii  debconf [debconf-2.0]        1.4.30.13   Debian configuration management sy
ii  libc6                        2.3.6.ds1-8 GNU C Library: Shared libraries
ii  libselinux1                  1.32-3      SELinux shared libraries
ii  libvolume-id0                0.103-1     libvolume_id shared library
ii  lsb-base                     3.1-22      Linux Standard Base 3.1 init scrip

-- debconf information:
  udev/new_kernel_needed: false
  udev/reboot_needed:


--- End Message ---
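The report above describes the condition an administrator would want to audit for: a block device that is really a logical volume behind a hardware RAID controller (driver aacraid, per the udevinfo output) but that the kernel reports as removable, so that udev's permissions rules hand it to group floppy with group write access. The script below is an added example, not part of the bug report or of the udev package. It parses `ls -l` lines of the form pasted in the report, maps partitions to their whole disk, consults sysfs data (a constructed in-memory sample here, or the live `/sys` tree through `sysfs_info_from_host`) and flags group-writable floppy-owned nodes whose controller driver is a RAID driver. The driver names other than aacraid in `RAID_DRIVERS`, and the `/dev/fd0` line in the sample, are constructed for illustration.

```python
"""Audit block device nodes for RAID volumes that udev has put in group floppy."""
import os
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Kernel drivers for hardware RAID controllers whose exported volumes are not
# removable media whatever ATTR{removable} says.  'aacraid' is the driver from
# the report; the other names are constructed additions for illustration.
RAID_DRIVERS = frozenset({"aacraid", "megaraid_sas", "cciss", "mptsas"})


class DevNode(NamedTuple):
    path: str
    mode: str
    owner: str
    group: str
    major: int
    minor: int


# One line of `ls -l /dev/sd*` as pasted in the report, e.g.
# "brw-rw----  1 root floppy 8,  0 Dec 29 11:25 /dev/sda"
LS_LINE = re.compile(
    r"^(?P<mode>[bc][rwxst-]{9})\s+\d+\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+"
    r"(?P<major>\d+),\s*(?P<minor>\d+)\s+\S+\s+\d+\s+\S+\s+(?P<path>/\S+)$"
)


def parse_ls_line(line: str) -> Optional[DevNode]:
    """Return a DevNode for a device-node ls line, or None for anything else."""
    m = LS_LINE.match(line.strip())
    if not m:
        return None
    return DevNode(m["path"], m["mode"], m["owner"], m["group"],
                   int(m["major"]), int(m["minor"]))


def group_writable(mode: str) -> bool:
    """mode[0] is the file type; the group triad is mode[4:7], write bit at [5]."""
    return mode[5] == "w"


def whole_disk_name(path: str) -> str:
    """Map /dev/sdd2 -> sdd so partitions inherit the whole disk's sysfs data."""
    name = os.path.basename(path)
    m = re.match(r"^(sd[a-z]+)\d*$", name)
    return m.group(1) if m else name


def sysfs_info_from_host(name: str) -> Optional[Dict[str, str]]:
    """Read the removable flag and the nearest RAID driver for a disk from a live /sys.

    Walks up from /sys/block/<name>/device following each level's 'driver'
    symlink, which is how the PCI controller (e.g. 0000:02:01.0 -> aacraid in
    the report) is found above the SCSI target.
    """
    base = f"/sys/block/{name}"
    try:
        with open(os.path.join(base, "removable")) as fh:
            removable = fh.read().strip()
    except OSError:
        return None
    driver = ""
    node = os.path.realpath(os.path.join(base, "device"))
    while node not in ("/", "/sys", ""):
        link = os.path.join(node, "driver")
        if os.path.islink(link):
            drv = os.path.basename(os.readlink(link))
            if drv in RAID_DRIVERS:
                driver = drv
                break
        node = os.path.dirname(node)
    return {"removable": removable, "driver": driver}


def audit(ls_lines: List[str], sysfs: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (path, driver, removable) for group-writable floppy-owned RAID volumes."""
    findings = []
    for line in ls_lines:
        node = parse_ls_line(line)
        if node is None or node.mode[0] != "b":
            continue
        if node.group != "floppy" or not group_writable(node.mode):
            continue
        info = sysfs.get(whole_disk_name(node.path))
        if info is not None and info["driver"] in RAID_DRIVERS:
            findings.append((node.path, info["driver"], info["removable"]))
    return findings


# Constructed sample: the twelve lines from the report plus one real floppy
# node that must not be flagged.
SAMPLE_LS = [
    "brw-rw----  1 root floppy 8,  0 Dec 29 11:25 /dev/sda",
    "brw-rw----  1 root floppy 8,  1 Dec 29 11:25 /dev/sda1",
    "brw-rw----  1 root floppy 8,  2 Dec 29 11:25 /dev/sda2",
    "brw-rw----  1 root floppy 8,  5 Dec 29 11:25 /dev/sda5",
    "brw-rw----  1 root floppy 8,  6 Dec 29 11:25 /dev/sda6",
    "brw-rw----  1 root floppy 8, 16 Dec 29 11:25 /dev/sdb",
    "brw-rw----  1 root floppy 8, 17 Dec 29 11:25 /dev/sdb1",
    "brw-rw----  1 root floppy 8, 32 Dec 29 11:25 /dev/sdc",
    "brw-rw----  1 root floppy 8, 33 Dec 29 11:25 /dev/sdc1",
    "brw-rw----  1 root floppy 8, 48 Dec 29 11:25 /dev/sdd",
    "brw-rw----  1 root floppy 8, 49 Dec 29 11:25 /dev/sdd1",
    "brw-rw----  1 root floppy 8, 50 Dec 29 11:25 /dev/sdd2",
    "brw-rw----  1 root floppy 2,  0 Dec 29 11:25 /dev/fd0",  # constructed
]
# Constructed sysfs view matching the udevinfo output in the report.
SAMPLE_SYSFS = {
    "sda": {"removable": "1", "driver": "aacraid"},
    "sdb": {"removable": "1", "driver": "aacraid"},
    "sdc": {"removable": "1", "driver": "aacraid"},
    "sdd": {"removable": "1", "driver": "aacraid"},
    "fd0": {"removable": "1", "driver": ""},
}

if __name__ == "__main__":
    for path, driver, removable in audit(SAMPLE_LS, SAMPLE_SYSFS):
        print(f"{path}: group floppy, driver {driver}, removable={removable}")
```

On a live system the same `audit` function can be fed the output of `ls -l /dev/sd*` and a dictionary built by calling `sysfs_info_from_host` for each whole-disk name; a non-empty result means the permissions rule is still assigning RAID volumes to the floppy group on that host.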
--- Begin Message ---
Version: 0.105-2
reassign 404927 udev
found 404927 0.103-2
thanks

The fix to exclude these devices from the floppy group has been made in
udev.  As it seems unlikely that this is going to be changed on the kernel
side, I think this bug should be considered closed.

Thanks,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/

--- End Message ---
