Bug#700422: wdm shouldn't use /dev/mem
control: forcemerge -1 700421
On Tue, Feb 12, 2013 at 03:32:54PM +0100, Borislav Petkov wrote:
> Package: wdm
> Version: 1.28-13
> Severity: normal
> Tags: upstream patch
> this is my first reporting a bug against a debian package so I very well
> might've missed something in the process.
> Here's the deal: wdm still uses /dev/mem in genauth.c to generate a tmp
> key and it shouldn't. The kernel currently allows userspace to read <
> 640K of /dev/mem for compatibility reasons with X. The modern way of
> getting two random longs is /dev/urandom and I've a patch below which
> converts wdm to do that.
> Patch is ontop of the master branch of
> git://git.debian.org/collab-maint/wdm.git and fixes the issue.
Thanks for your contribution. Nice to see a way to get rid of the "program
wdm tried to access /dev/mem ..." messages.
wdm is currently orphaned and no maintainer is explicitly caring of it,
neither in Debian nor upstream. Since I made some of the final QA
non-maintainer uploads I will care of including your patch at some
time. Note that this will not happen soon since Debian wheezy is
currently in "frozen" state in preparation for release.