[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Reassigning back to "general"

reassign 25847 general

As far as base-files is concerned (permissions of /floppy and /cdrom),
this is fixed, but I do not know about the other points, so I'm 
reassigning this back to "general".

>From patrik@pandora.ms.mff.cuni.cz Wed Apr  5 12:00:09 2000
Date: Mon, 17 Aug 1998 19:48:10 +0200 (CEST)
From: Patrik Rak <patrik@pandora.ms.mff.cuni.cz>
Reply-To: prak3264@ss1000.ms.mff.cuni.cz, 25847@bugs.debian.org
To: submit@bugs.debian.org
Subject: #25847: general: Several security questions

Package: general
Version: N/A
Note that some of these might be (very) naive:

The log file /var/log/dpkg-mountable is world readable. It might be risky if
some of the configurations scripts asks for some password or like...


Is it ok that smail logs containg information about mail delivery are world


The mountpoints /cdrom and /floppy are set to g+wxs. However, I think that
the g+w flag is of no use here, as when a fstab entry with 'user' option
enabled is mounted, the access flags are changed and the mount point is
owned by respective user since then anyway. So the g+w just allows users in
the cdrom and floppy groups to store files on your root partition (when
/cdrom resp. /floppy is not mounted), which I don't consider useful.

I doubt that the g+s is of any use as well, and so is the setting of the
gids of these mountpoints to group cdrom resp. floppy.


Is it ok that anybody can use logger (resp. /dev/log) to fill all space in


Is it ok that anybody can write to /dev/console (resp. /dev/tty0)?
If not, makedev's devinfo is not ok.


Is it ok that currently unused (i.e., no one logged on at the moment, and
getty is waiting there) /dev/tty1-6 are chgrp dialout and chmod 0660? I
thought that dialout is for accessing the modem lines, i.e.,
/dev/ttyS0-4, and I would expect chgrp tty on tty1-6.


Is it ok that anybody can write anything to any
other tty (/dev/tty7-63) (fake log messages on /dev/tty8 come in mind) ?


Is there some deep purpose for vcs0-6 and vcsa0-6 (i.e., the used ones)
being chgrp sys while others vcs's and vcsa's are chgrp root?

-- System Information
Debian Release: 2.0
Kernel Version: Linux pandora 2.0.35 #1 Sat Aug 1 17:24:40 CEST 1998 i586 unkno

 "b894cdd6eb1257e113dae53a7921e70b" (a truly random sig)

Reply to: