/dev/fb* permissions, local DoS

To: Debian-powerpc <debian-powerpc@lists.debian.org>
Cc: Debian-security <debian-security@lists.debian.org>
Subject: /dev/fb* permissions, local DoS
From: Ethan Benson <erbenson@alaska.net>
Date: Sun, 19 Nov 2000 06:04:01 -0900
Message-id: <[🔎] 20001119060401.A28738@plato.local.lan>
Mail-followup-to: Debian-powerpc <debian-powerpc@lists.debian.org>, Debian-security <debian-security@lists.debian.org>

does anyone know why debian has /dev/fb* with 622 permissions? 

the reason i ask is there is a pretty nasty security problem with
this, try the following:

cat /dev/urandom > /dev/fb0

on my system i get a instant kernel panic (2.2.17 from ftp.kernel.org).
since the framebuffer devices are world writable anyone with a shell
account can crash the system, not nice. (i have a blue G3 using
aty128fb) 

what is broken by setting the permissions on all the framebuffer
devices to 0600 ?

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgpL6KySX8g08.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: /dev/fb* permissions, local DoS
  - From: Chris Leishman <masklin@debian.org>

Prev by Date: Re: Mutt/gnupg
Next by Date: Re: /dev/fb* permissions, local DoS
Previous by thread: FW: weird DNS logs
Next by thread: Re: /dev/fb* permissions, local DoS
Index(es):
- Date
- Thread