What | Removed | Added |
---|---|---|
CC | dmitry@roshchin.org, security-team@suse.de | |
Component | Other | Security |
Dmitry Roshchin, I did osc getbinaries openSUSE:Factory android-tools standard i586 and got android-tools-5.1.1_r8-1.1.i586.rpm that contains /usr/lib/udev/rules.d/51-android.rules -------------------------------------------------------------------------- #egrep -v '^$|^#' /usr/lib/udev/rules.d/51-android.rules SUBSYSTEM=="usb", ATTR{idVendor}=="0502", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="0b05", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="413c", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="0489", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="04c5", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="04c5", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="091e", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="201E", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="109b", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="0bb4", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="12d1", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="8087", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="24e3", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="2116", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="0482", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="17ef", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="1004", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="22b8", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="0e8d", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="0409", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="2080", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="0955", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="2257", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="10a9", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="1d4d", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="0471", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="04da", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="05c6", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="1f53", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="04e8", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="04dd", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="054c", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="0fce", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="0fce", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="2340", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="0930", TAG+="uaccess" SUBSYSTEM=="usb", ATTR{idVendor}=="19d2", TAG+="uaccess" -------------------------------------------------------------------------- As far as I see those rules are in two ways wrong: 1. They apply unconditionally for all USB devices of those vendors. When vendors make various kind of USB devices such unconditioned rules could cause conflicts with other rules that are inteded for particular kind of USB devices as in this bug here. 2. They grant unconditionally for all USB devices of those vendors normal user access (via TAG+="uaccess") and that could be a severe security issue but I am not a sufficient security expert to make an educated statement here. Therefore I change the Bugzilla component to "security" so that our security team could have a look.