Re: Bug#257165: udev: input device permissions

To: Matt Zimmerman <mdz@debian.org>, 257165@bugs.debian.org, debian-security@lists.debian.org
Subject: Re: Bug#257165: udev: input device permissions
From: Itay Ben-Yaacov <nib_maps@yahoo.com>
Date: Mon, 5 Jul 2004 20:24:56 +0100 (BST)
Message-id: <[🔎] 20040705192456.73184.qmail@web21001.mail.yahoo.com>
In-reply-to: <20040701174643.GP5243@alcor.net>

Actually, re-reading the definitions in reportbug, this seems to be *critical*.  Why doesn't
anyone DO anything about this? NMU? Something???

> On Thu, Jul 01, 2004 at 10:28:04AM -0700, Itay Ben-Yaacov wrote:
> > Package: udev
> > Version: 0.026-1
> > Severity: normal
> > Tags: security
> > 
> > 
> > Permissions of /dev/input/* should be 600 or 640, but certainly not
> > 644! Anybody logged on could read my password directly from the event#
> > device associated with the keyboard.
> 
> Eek!  This is severe.
> 
> -- 
>  - mdz
>  

___________________________________________________________ALL-NEW Yahoo! Messenger - sooooo many all-new ways to express yourself http://uk.messenger.yahoo.com

Reply to:

Follow-Ups:
- Re: Bug#257165: udev: input device permissions
  - From: Matt Zimmerman <mdz@debian.org>
- Re: Bug#257165: udev: input device permissions
  - From: Marco d'Itri <md@Linux.IT>

Prev by Date: FWD: Squirrelmail XSS + SQL security bug?
Next by Date: Re: FWD: Squirrelmail XSS + SQL security bug?
Previous by thread: Re: FWD: Squirrelmail XSS + SQL security bug?
Next by thread: Re: Bug#257165: udev: input device permissions
Index(es):
- Date
- Thread