Date: Mon, 18 Nov 2002 21:03:06 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: current@FreeBSD.org
Subject: Device permissions with DEVFS
Message-ID: <20021119050304.GA2608@rot13.obsecurity.org>

Something that needs to be addressed before 5.0 is the insecure
default permissions on many devices. For example, on my system, the
following devices have insecure permissions on 5.0 (but not on 4.x
with the default MAKEDEV settings):

crw-r--r--  1 root  operator  117,   0 Nov 18 14:49 acd0
crw-rw-rw-  1 root  wheel      21,   1 Nov 18 14:49 psm0
crw-rw-rw-  1 root  wheel     180,   0 Nov 18 14:49 nvidia0
(This one isn't part of FreeBSD, but I might as well report it now)

crw-rw-rw-  1 root  wheel      30,   3 Nov 14 21:30 dsp0.0
crw-rw-rw-  1 root  wheel      30, 0x00010003 Nov  8 23:38 dsp0.1
crw-rw-rw-  1 root  wheel      30,   5 Nov  8 23:38 dspW0.0
crw-rw-rw-  1 root  wheel      30, 0x00010005 Nov  8 23:38 dspW0.1
crw-rw-rw-  1 root  wheel      30,  11 Nov  8 23:38 dspr0.0

These have the same permissions on 4.x, but they're still insecure
(unprivileged users can read from a microphone).

I'm sure there are others I have missed. Could everyone please check
their /dev (better, check the kernel source)?

Kris
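
Added example, not part of the original message or of FreeBSD: one way to run the /dev check requested above, by filtering `ls -l` output for device nodes whose "other" read or write bit is set. The function names and the allowlist of nodes expected to be world-accessible are assumptions to adjust per system.

```shell
#!/bin/sh
# Flag device nodes that are readable or writable by "other".
# Input: `ls -l /dev` lines on stdin. Output: "name mode access" per finding.

# Assumed allowlist of nodes that are meant to be world-accessible.
ALLOW="null zero random urandom tty"

audit_dev_listing() {
    awk -v allow="$ALLOW" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    # Only character (c) and block (b) device nodes are of interest.
    $1 ~ /^[cb]/ {
        name = $NF                        # node name is always the last field
        if (name in ok) next
        r = (substr($1, 8, 1) == "r")     # other-read bit of the mode string
        w = (substr($1, 9, 1) == "w")     # other-write bit of the mode string
        if (!r && !w) next
        access = (r && w) ? "world-read+write" : (r ? "world-read" : "world-write")
        print name, $1, access
    }'
}

# Constructed sample: the first three lines come from the listing in the
# message; null and the 0640 ad0 node are made up to exercise the other paths.
sample_listing() {
    cat <<'EOF'
crw-r--r--  1 root  operator  117,   0 Nov 18 14:49 acd0
crw-rw-rw-  1 root  wheel      21,   1 Nov 18 14:49 psm0
crw-rw-rw-  1 root  wheel      30, 0x00010003 Nov  8 23:38 dsp0.1
crw-rw-rw-  1 root  wheel       2,   2 Nov 18 14:49 null
crw-r-----  1 root  operator    4,   0 Nov 18 14:49 ad0
EOF
}

# Demo on the constructed sample; on a live system: ls -l /dev | audit_dev_listing
sample_listing | audit_dev_listing
```

Each reported node still needs a judgement call about whether world access is intended; the listing only shows the mode the node ended up with, not the default set in the driver source.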