Vulnerability Development mailing list archives
Re: Window manager - implementation bug/feature ???
From: metal_hurlant () YAHOO COM (Metal Hurlant)
Date: Thu, 7 Oct 1999 11:00:20 +0200
I think they call it a feature. it allows an unpriviledged console user to access the cd-rom or the floppy disk. other OSes have been allowing this for ages.. it sounds like a reasonable thing to do to avoid executing priviledged code each time you want to read a disk. Regards, Henri On Thu, 07 Oct 1999, you wrote:
Hi, I noticed something interesting which I am not sure whether it is the way things should be. I have installed Redhat 6.0 for Intel with KDE (this works for Gnome too). -------------------------------- [> [root@localhost mithun]# uname -a Linux localhost.localdomain 2.2.5-15 #1 Mon Apr 19 21:39:28 EDT 1999 i686 unknown [> [root@localhost mithun]# rpm -q kdebase kdebase-1.1.1pre2-2 -------------------------------- Next I created a non-priviledged user "mithun" using useradd and logged in using that userid. After this I do a su to change to root and fire up X-windows. Now I open a Kconsole and do ls -l /dev | grep mithun and this is what I get (I get somthing simillar in case of Gnome too - I haven't checked AnotherLevel for this) ---------------------------- crw------- 1 mithun sys 14, 4 Apr 18 01:23 audio crw------- 1 mithun sys 14, 20 Apr 18 01:23 audio1 crw------- 1 mithun sys 14, 3 Apr 18 01:23 dsp crw------- 1 mithun sys 14, 19 Apr 18 01:23 dsp1 crw------- 1 mithun root 29, 0 Apr 12 21:12 fb0 crw------- 1 mithun root 29, 32 Apr 12 21:12 fb1 crw------- 1 mithun root 29, 64 Apr 12 21:17 fb2 crw------- 1 mithun root 29, 96 Apr 12 21:17 fb3 crw------- 1 mithun root 29, 128 Apr 12 21:17 fb4 crw------- 1 mithun root 29, 160 Apr 12 21:17 fb5 crw------- 1 mithun root 29, 192 Apr 12 21:17 fb6 crw------- 1 mithun root 29, 224 Apr 12 21:18 fb7 brw------- 1 mithun floppy 2, 0 May 6 1998 fd0 brw------- 1 mithun floppy 2, 12 May 6 1998 fd0D360 brw------- 1 mithun floppy 2, 16 May 6 1998 fd0D720 brw------- 1 mithun floppy 2, 28 May 6 1998 fd0H1440 brw------- 1 mithun floppy 2, 12 May 6 1998 fd0H360 brw------- 1 mithun floppy 2, 16 May 6 1998 fd0H720 brw------- 1 mithun floppy 2, 4 May 6 1998 fd0d360 brw------- 1 mithun floppy 2, 8 May 6 1998 fd0h1200 brw------- 1 mithun floppy 2, 20 May 6 1998 fd0h360 brw------- 1 mithun floppy 2, 24 May 6 1998 fd0h720 brw------- 1 mithun floppy 2, 1 May 6 1998 fd1 brw------- 1 mithun floppy 2, 13 May 6 1998 fd1D360 brw------- 1 mithun floppy 2, 17 May 6 1998 fd1D720 brw------- 1 mithun floppy 2, 29 May 6 1998 fd1H1440 brw------- 1 mithun floppy 2, 13 May 6 1998 fd1H360 brw------- 1 mithun floppy 2, 17 May 6 1998 fd1H720 brw------- 1 mithun floppy 2, 5 May 6 1998 fd1d360 brw------- 1 mithun floppy 2, 9 May 6 1998 fd1h1200 brw------- 1 mithun floppy 2, 21 May 6 1998 fd1h360 brw------- 1 mithun floppy 2, 25 May 6 1998 fd1h720 brw------- 1 mithun disk 22, 0 May 6 1998 hdc crw------- 1 mithun root 15, 0 Apr 16 11:37 js0 crw------- 1 mithun root 15, 1 Apr 16 11:37 js1 crw------- 1 mithun root 15, 2 Apr 16 11:37 js2 crw------- 1 mithun root 15, 3 Apr 16 11:37 js3 crw------- 1 mithun sys 35, 0 Apr 18 01:23 midi0 crw------- 1 mithun sys 14, 2 Apr 18 01:23 midi00 crw------- 1 mithun sys 14, 18 Apr 18 01:23 midi01 crw------- 1 mithun sys 14, 34 Apr 18 01:23 midi02 crw------- 1 mithun sys 14, 50 Apr 18 01:23 midi03 crw------- 1 mithun sys 35, 1 Apr 18 01:23 midi1 crw------- 1 mithun sys 35, 2 Apr 18 01:23 midi2 crw------- 1 mithun sys 35, 3 Apr 18 01:23 midi3 crw------- 1 mithun sys 14, 0 Apr 18 01:23 mixer crw------- 1 mithun sys 14, 16 Apr 18 01:23 mixer1 crw------- 1 mithun sys 14, 1 Apr 18 01:23 sequencer crw--w---- 1 mithun tty 4, 1 Oct 5 18:01 tty1 crw--w---- 1 mithun tty 7, 1 May 6 1998 vcs1 crw--w---- 1 mithun tty 7, 129 May 6 1998 vcsa1 ---------------------------- I come out of X-Windows and logout completely. After this I login as root and start X-Windows and now everything under /dev is owned by root. What I can't understand is that why would devices like /dev/hdc (my cd drive !!!) , /dev/fd0 (my floppy drive) suddenly become owned by a non-priviledged user just because I ran X-Windows. Since remote root login is not allowed every superuser would be having a non-priviledged account on the system just in case he cant physically access the machine - so my scenario isn't exactly out of this world. Ofcourse from my point of view nothing in the /dev directory should be owned by a non-priviledged user (other than maybe the /dev/vcs* files and maybe /dev/tty??). Maybe I am wrong but I would really like to know what exactly is happening here. Regards Mithun
Current thread:
- Re: solaris DoS (fwd), (continued)
- Re: solaris DoS (fwd) Erik Parker (Oct 07)
- Window manager - implementation bug/feature ??? Mithun Bhattacharya (Oct 06)
- Re: Window manager - implementation bug/feature ??? Chris Wilson (Oct 07)
- Re: Window manager - implementation bug/feature ??? Erik Parker (Oct 07)
- Re: Window manager - implementation bug/feature ??? Michael Jennings (Oct 07)
- Re: Window manager - implementation bug/feature ??? Erik Parker (Oct 08)
- Re: Window manager - implementation bug/feature ??? Jim Paris (Oct 08)
- Console permissions in RH 6.X (was: Re: Window manager - impementation...) Taneli Huuskonen (Oct 09)
- Re: Console permissions in RH 6.X (was: Re: Window manager - impementation...) Seth R Arnold (Oct 09)
- Re: Window manager - implementation bug/feature ??? Ron DuFresne (Oct 08)
- Re: Window manager - implementation bug/feature ??? Metal Hurlant (Oct 07)
- Re: Window manager - implementation bug/feature ??? Erik Parker (Oct 07)
- Re: Window manager - implementation bug/feature ??? Jani Ollikainen (Oct 07)
- Re: solaris DoS (fwd) Jesus Cea Avion (Oct 18)