
Re: /dev/fb* permissions, local DoS



On Sun, Nov 19, 2000 at 06:04:01AM -0900, Ethan Benson wrote:
> 
> does anyone know why debian has /dev/fb* with 622 permissions? 
> 
> the reason i ask is there is a pretty nasty security problem with
> this, try the following:
> 
> cat /dev/urandom > /dev/fb0
> 
> on my system i get an instant kernel panic (2.2.17 from ftp.kernel.org).
> since the framebuffer devices are world writable anyone with a shell
> account can crash the system, not nice. (i have a blue G3 using
> aty128fb) 
> 
> what is broken by setting the permissions on all the framebuffer
> devices to 0600 ?
> 

Doesn't crash my i386 (riva tnt2, XF4) - but does put pretty colors over
the top 1/3 of the screen before cat exits with "write error: No space left on
device".

Chris

-- 
----------------------------------------------------------------------
       Knuth: premature optimization is the root of all evil.
----------------------------------------------------------------------
Reply with subject 'request key' for GPG public key.  KeyID 0xB4E24219
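
Added example, not part of the original messages: a Python check that flags device nodes writable by users other than the owner, applied to the 622 and 0600 modes discussed in this thread. The `BY_DESIGN` allowlist, the function names and the sample modes are assumptions constructed for illustration.

```python
import glob
import os
import stat

# Assumption: nodes that are world-writable by design on typical Linux systems.
BY_DESIGN = {"null", "zero", "full", "random", "urandom", "tty", "ptmx"}


def classify(path, st_mode):
    """Return (path, octal mode, finding) for a risky device node, else None."""
    if not (stat.S_ISCHR(st_mode) or stat.S_ISBLK(st_mode)):
        return None  # regular files, directories and symlinks are out of scope
    if os.path.basename(path) in BY_DESIGN:
        return None
    mode = "%04o" % stat.S_IMODE(st_mode)
    if st_mode & stat.S_IWOTH:
        return (path, mode, "world-writable")
    if st_mode & stat.S_IWGRP:
        return (path, mode, "group-writable, review group membership")
    return None


def audit(entries):
    """entries: iterable of (path, st_mode) pairs. Returns sorted findings."""
    findings = [classify(path, mode) for path, mode in entries]
    return sorted(f for f in findings if f is not None)


def scan(pattern="/dev/fb*"):
    """Audit live device nodes matching pattern (lstat, so symlinks are skipped)."""
    return audit((p, os.lstat(p).st_mode) for p in glob.glob(pattern))


# Constructed sample modes, so the check runs without real framebuffer nodes.
SAMPLE = [
    ("/dev/fb0", stat.S_IFCHR | 0o622),    # the mode reported in the thread
    ("/dev/fb1", stat.S_IFCHR | 0o600),    # the mode proposed in the thread
    ("/dev/fb2", stat.S_IFCHR | 0o620),
    ("/dev/null", stat.S_IFCHR | 0o666),   # allowlisted, not a finding
    ("/dev/fb.txt", stat.S_IFREG | 0o666), # not a device node
]

if __name__ == "__main__":
    for path, mode, finding in audit(SAMPLE) + scan():
        print("%s %s %s" % (path, mode, finding))
```
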
