
Bug#854009: soundmodem: starts kiss device with incorrect permissions



Hello,

I'd like to argue that this is not the right approach.

group tty's default permissions are 0620.
That is so in order to allow programs like write(1) or wall(1) to write to the
user's terminal. These programs are set-gid-bit tty.
For soundmodem, those programs also should not be allowed to write to
/dev/soundmodem. Thus considered, not 0660 as suggested, but 0600 should
be the correct permission.

The patch suggests adding a user who's allowed to operate with soundmodem
to the group tty. This would lead to a security risk by design, because
a normal user is now able to read devices like /dev/vcs (virtual console
memory / screen dump).

The correct and non-harmful ownership would be the group "dialout", and then ok
with permission 0660. That goes along with the unix security design for modem
access permissions for users.
An even better approach would be a group ownership for ham-radio-operators
(like ax25-apps/-tools suggest, with gid "hams" or "ax25"), but since there's
no standard and no default group currently in /etc/group, I suppose group
"dialout" would be sufficient.

vy 73,
	- Thomas  dl9sau


On Fri, Feb 03, 2017 at 12:39:01AM +0000, Dave Hibberd wrote:
> Package: soundmodem
> Version: 0.20-5
> Severity: normal
> Tags: patch
> 
> Dear Maintainer,
> 
> Running soundmodem creates a kiss serial device with permissions that render it 
> inaccessible to normal users, or users in the tty group.
> 
> Upon starting soundmodem with Channel "Packet IO" Mode set as KISS, soundmodem 
> creates a pty and a link to that file, /dev/soundmodem*.
> 
> Normal users, and users in the tty group cannot access this device - this means 
> packet programs, such as Xastir, have to be run as root. 
> 
> Listing the file permissions of the created devices shows:
> 
> → ls -al /dev/soundmodem0
> lrwxrwxrwx 1 root root 10 Feb  3 00:18 /dev/soundmodem0 -> /dev/pts/6
> 
> → ls -al /dev/pts/6
> crw--w---- 1 root tty 136, 6 Feb  3 00:18 /dev/pts/6
> 
> While root has rw on /dev/pts/6, group tty only has w. Applications cannot read 
> the terminal and show accessing it has failed.
> 
> I have included a very minor patch which details a proposed fix below. The patch 
> allows members of the 'tty' group to read and write to the pty device.
> 
> This has been committed to the Debian git server and can be viewed at:
> https://anonscm.debian.org/cgit/pkg-hamradio/soundmodem.git/ however it can be 
> discarded as per maintainer's choice. 
> 
> 
> Descriptions: Allow group to read/write the created pty
> Author: Dave Hibberd <d@vehibberd.com>
> Last-Updated: 2017-02-24
> 
> --- a/soundcard/kisspkt.c
> +++ b/soundcard/kisspkt.c
> @@ -758,7 +758,7 @@
>          tm.c_cflag = CS8 | CREAD | CLOCAL;
>          if (tcsetattr(slave, TCSANOW, &tm))
>                  logerr(MLOG_FATAL, "slave: tcsetattr");
> -	//fchmod(slave, 0600);
> +	fchmod(slave, 0660);
>  	if (dounlink)
>  		unlink(file);
>  	if (symlink(ttyname, file))
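
Review bot: the added fchmod(slave, 0660) call ignores its return value, although the tcsetattr call just above it reports failure through logerr; if the mode change fails, the code carries on to symlink() and the device is published with whatever mode it already had. Check the result and log it the same way. The mode also says nothing about which group receives the new read/write access: 0660 grants it to whatever group already owns the slave, so the intended owning group should be set explicitly next to this call (fchown), with a short comment on why group access is wanted.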
> 
> 
> -- System Information:
> Debian Release: 9.0
>   APT prefers testing
>   APT policy: (500, 'testing')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
> 
> Kernel: Linux 4.8.0-2-amd64 (SMP w/8 CPU cores)
> Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> 
> Versions of packages soundmodem depends on:
> ii  libasound2          1.1.2-1
> ii  libatk1.0-0         2.22.0-1
> ii  libaudiofile1       0.3.6-3
> ii  libc6               2.24-8
> ii  libgdk-pixbuf2.0-0  2.36.3-1
> ii  libglib2.0-0        2.50.2-2
> ii  libgtk2.0-0         2.24.31-1
> ii  libhamlib2          3.0.1-1+b1
> ii  libpango-1.0-0      1.40.3-3
> ii  libxml2             2.9.4+dfsg1-2.1
> 
> soundmodem recommends no packages.
> 
> soundmodem suggests no packages.
> 
> -- Configuration Files:
> /etc/ax25/soundmodem.conf changed:
> <?xml version="1.0"?>
> <modem>
>   <configuration name="UHF_Packet">
>     <chaccess txdelay="150" slottime="100" ppersist="40" fulldup="0" txtail="10"/>
>     <audio type="alsa" device="plughw:CARD=Device,DEV=0" halfdup="1" capturechannelmode="Mono"/>
>     <ptt file="/dev/ttyUSB0" hamlib_model="" hamlib_params=""/>
>     <channel name="Channel 0">
>       <mod mode="afsk" bps="1200" f0="1200" f1="2200" diffenc="1"/>
>       <demod mode="afsk" bps="1200" f0="1200" f1="2200" diffdec="1"/>
>       <pkt mode="KISS" ifname="sm0" hwaddr="MM3ZRZ-5" ip="44.131.6.35" netmask="255.255.255.224" broadcast="44.131.6.63" file="/dev/soundmodem0" unlink="1"/>
>     </channel>
>   </configuration>
> </modem>
> 
> 
> -- no debconf information
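
The permission reasoning in the reply above (0600 for owner-only access, 0660 only with group "dialout", no access through group "tty") can be turned into a check for an existing device. This is an added example, not code from soundmodem or from either poster; the function names and verdict values are hypothetical, and the default path is the one from the report.

```c
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

enum pty_verdict {
    PTY_OK_OWNER_ONLY,  /* no group or other bits, e.g. 0600 */
    PTY_OK_DIALOUT,     /* group access, owning group is dialout */
    PTY_TTY_GROUP,      /* group tty has access: set-gid tty programs reach it */
    PTY_OTHER_GROUP,    /* group access via a group the thread does not cover */
    PTY_WORLD           /* any permission bit set for "other" */
};

/* Classify permission bits and owning group name (hypothetical helper). */
enum pty_verdict classify_pty(mode_t mode, const char *group)
{
    if (mode & S_IRWXO)
        return PTY_WORLD;
    if ((mode & S_IRWXG) == 0)
        return PTY_OK_OWNER_ONLY;
    if (strcmp(group, "tty") == 0)
        return PTY_TTY_GROUP;
    if (strcmp(group, "dialout") == 0)
        return PTY_OK_DIALOUT;
    return PTY_OTHER_GROUP;
}

/* stat() follows the /dev/soundmodemN symlink to the pty slave.
 * Returns a pty_verdict, or -1 if the device or its group is unresolvable. */
int audit_pty_path(const char *path)
{
    struct stat st;
    struct group *gr;

    if (stat(path, &st) != 0 || !S_ISCHR(st.st_mode))
        return -1;
    gr = getgrgid(st.st_gid);
    if (gr == NULL)
        return -1;
    return classify_pty(st.st_mode & 07777, gr->gr_name);
}

int main(int argc, char **argv)
{
    int v = audit_pty_path(argc > 1 ? argv[1] : "/dev/soundmodem0");
    printf("verdict: %d\n", v);
    return (v == PTY_OK_OWNER_ONLY || v == PTY_OK_DIALOUT) ? 0 : 1;
}
```

The listing in the report (crw--w---- root tty) classifies as PTY_TTY_GROUP, and so does the patched 0660 mode while the owning group stays tty.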

