Date: Thu, 22 Feb 2024 21:56:01 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 277228] Device permissions security hole with partitioning (/dev/geom.ctl)
Message-ID: <bug-277228-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277228

    Bug ID: 277228
    Summary: Device permissions security hole with partitioning (/dev/geom.ctl)
    Product: Base System
    Version: Unspecified
    Hardware: Any
    OS: Any
    Status: New
    Severity: Affects Many People
    Priority: ---
    Component: misc
    Assignee: bugs@FreeBSD.org
    Reporter: vince.bsd@hightek.org

Any user belonging to the 'operator' group has the power to completely delete and re-create partition tables on all unmounted drive devices on the entire system, just because the devices belong to that group, even if there is no read or write access to the devices by the group.

It is very counterintuitive and unexpected to see devices that have no write access and even no read access, yet be able to do something as critical as delete the entire partition table by just belonging to the group, which creates a significant security hole in FreeBSD that even the most seasoned systems administrator can easily and unexpectedly fall into.

If I want, for example, to give certain users the ability to partition and write thumb drives, there is no way to do this by setting up a group and write permission on the flash drive devices (/dev/da*). It requires me to make them belong to the same group as /dev/geom.ctl which allows partitioning of every device on the system.

Here are the default permissions for geom.ctl.

    crw-r----- 1 root operator 0xa Nov 16 11:50 /dev/geom.ctl

Here are the default permissions for the devices.

    crw-r----- 1 root operator 0x53 Nov 16 11:50 /dev/ada0
    crw-r----- 1 root operator 0x55 Nov 16 11:50 /dev/ada0p1
    ...

This is not limited, of course, to the operator group. I can change the group on the drive devices to any other group that I am a member of and even remove read permission for the group on the drives and can still delete the partition table.

There is a more detailed discussion on the issue in the forum at
https://forums.freebsd.org/threads/gpart-device-permissions-security-hole-dev-geom-ctl.92397
Title: gpart device permissions security hole (/dev/geom.ctl)

PS: Hopefully this will post in a readable format. Preview is broken in both Firefox and Chrome (just shows a blank window) and I discovered it apparently has been for several years.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=250699

-- 
You are receiving this mail because:
You are the assignee for the bug.
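
An added audit example, not part of the bug report or of FreeBSD: taking the report's description that group access to /dev/geom.ctl is what grants partitioning rights, it lists every non-root account that reaches the control device through its group bits. The function name `geom_ctl_exposure` and the sample group and passwd entries are constructed for illustration; only the `ls -l` line comes from the report.

```shell
#!/bin/sh
# Added audit example; the accounts and groups below are constructed sample data.
SAMPLE_LS='crw-r-----  1 root operator 0xa Nov 16 11:50 /dev/geom.ctl'
SAMPLE_GROUP='wheel:*:0:root
operator:*:5:root,alice
usbusers:*:1001:bob'
SAMPLE_PASSWD='root:*:0:0:Superuser:/root:/bin/sh
alice:*:1001:1001:Alice:/home/alice:/bin/sh
bob:*:1002:1001:Bob:/home/bob:/bin/sh
carol:*:1003:5:Carol:/home/carol:/bin/sh'

# geom_ctl_exposure LS_LINE GROUP_TEXT PASSWD_TEXT
# Prints, sorted and one per line, every non-root account that can open the
# control device via its group bits (supplementary or primary membership).
geom_ctl_exposure() {
    mode=$(printf '%s\n' "$1" | awk '{print $1}')
    grp=$(printf '%s\n' "$1" | awk '{print $4}')
    # Characters 5-7 of the mode string are the group rwx bits.
    gbits=$(printf '%s' "$mode" | cut -c5-7)
    case "$gbits" in
        ---) return 0 ;;    # group has no access: nothing to report
    esac
    gid=$(printf '%s\n' "$2" | awk -F: -v g="$grp" '$1 == g {print $3}')
    {
        # Supplementary members listed in the group file.
        printf '%s\n' "$2" | awk -F: -v g="$grp" '$1 == g {print $4}' | tr ',' '\n'
        # Accounts whose primary GID is the owning group.
        printf '%s\n' "$3" | awk -F: -v id="$gid" '$4 == id {print $1}'
    } | grep -v -e '^$' -e '^root$' | sort -u
}

# On a FreeBSD host, feed it live data instead of the samples:
#   geom_ctl_exposure "$(ls -l /dev/geom.ctl)" "$(cat /etc/group)" "$(cat /etc/passwd)"
if [ "${1:-}" = "--demo" ]; then
    geom_ctl_exposure "$SAMPLE_LS" "$SAMPLE_GROUP" "$SAMPLE_PASSWD"
fi
```

Accounts served from a directory service rather than the local files are not covered by this check.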