[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: /dev/fb* permissions, local DoS

Chris Leishman wrote:
> On Sun, Nov 19, 2000 at 06:04:01AM -0900, Ethan Benson wrote:
> >
> > does anyone know why debian has /dev/fb* with 622 permissions?
> >
> > the reason i ask is there is a pretty nasty security problem with
> > this, try the following:
> >
> > cat /dev/urandom > /dev/fb0
> >
> > on my system i get a instant kernel panic (2.2.17 from ftp.kernel.org).
> > since the framebuffer devices are world writable anyone with a shell
> > account can crash the system, not nice. (i have a blue G3 using
> > aty128fb)
> >
> > what is broken by setting the permissions on all the framebuffer
> > devices to 0600 ?

Only all apps which need a framebuffer device to work...

> Doesn't crash my i386 (riva tnt2, XF4) - but does put pretty colors over
> the top 1/3 of the screen before cat exits with "write error: No space left
> on device".

Yep, I think the crash is a bug in the framebuffer device, just like the other
problem where even reading from /dev/fb* caused a crash with atyfb IIRC.


Earthling Michel Dänzer (MrCooper)  \  CS student and free software enthusiast
Debian GNU/Linux (powerpc,i386) user \   member of XFree86 and The DRI Project

Reply to: