[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: /dev/fb* permissions, local DoS

This doesn't appear to affect systems running the 2.4.0test series
kernels.  I'm running 2.4.0-test10 and all it did was fill my screen with
random colors .. I could just ctrl-c it and clear the screen.  Doesn't
seem like there is anything broken by doing chmod 600 /dev/fb*, but all
I'm running is console and XF86 4.0 in DRI mode.


On Sun, 19 Nov 2000, Ethan Benson wrote:

> does anyone know why debian has /dev/fb* with 622 permissions? 
> the reason i ask is there is a pretty nasty security problem with
> this, try the following:
> cat /dev/urandom > /dev/fb0
> on my system i get a instant kernel panic (2.2.17 from ftp.kernel.org).
> since the framebuffer devices are world writable anyone with a shell
> account can crash the system, not nice. (i have a blue G3 using
> aty128fb) 
> what is broken by setting the permissions on all the framebuffer
> devices to 0600 ?
> -- 
> Ethan Benson
> http://www.alaska.net/~erbenson/

Reply to: