Re: /dev/fb* permissions, local DoS

To: Ethan Benson <erbenson@alaska.net>
Cc: Debian-security <debian-security@lists.debian.org>
Subject: Re: /dev/fb* permissions, local DoS
From: hpknight <hpknight@ao.net>
Date: Sun, 19 Nov 2000 11:08:16 -0500 (EST)
Message-id: <[🔎] Pine.LNX.4.21.0011191105450.28359-100000@eola.ao.net>
In-reply-to: <[🔎] 20001119060401.A28738@plato.local.lan>

This doesn't appear to affect systems running the 2.4.0test series
kernels.  I'm running 2.4.0-test10 and all it did was fill my screen with
random colors .. I could just ctrl-c it and clear the screen.  Doesn't
seem like there is anything broken by doing chmod 600 /dev/fb*, but all
I'm running is console and XF86 4.0 in DRI mode.

-Henry

On Sun, 19 Nov 2000, Ethan Benson wrote:

> 
> does anyone know why debian has /dev/fb* with 622 permissions? 
> 
> the reason i ask is there is a pretty nasty security problem with
> this, try the following:
> 
> cat /dev/urandom > /dev/fb0
> 
> on my system i get a instant kernel panic (2.2.17 from ftp.kernel.org).
> since the framebuffer devices are world writable anyone with a shell
> account can crash the system, not nice. (i have a blue G3 using
> aty128fb) 
> 
> what is broken by setting the permissions on all the framebuffer
> devices to 0600 ?
> 
> -- 
> Ethan Benson
> http://www.alaska.net/~erbenson/
>

Reply to:

References:
- /dev/fb* permissions, local DoS
  - From: Ethan Benson <erbenson@alaska.net>

Prev by Date: /dev/fb* permissions, local DoS
Next by Date: Re: /dev/fb* permissions, local DoS
Previous by thread: /dev/fb* permissions, local DoS
Next by thread: Re: /dev/fb* permissions, local DoS
Index(es):
- Date
- Thread