techno@crosslink.net wrote:
Hi. I thought I would notify you of my findings on a possible security problem within suse 6.3. Below is an excerpt about /dev/fd[01] permissions that I wrote a few days ago. I'm not sure if this has been noticed before. If not, I hope the information does you some good. I'd appreciate any responses on the matter that you can give, thanks :).
[cut]
Out of the box, SuSE 6.3 allows global rw access on the primary and secondary floppy drive (/dev/fd0 and /dev/fd1). Because devices can be written to directly, just like anything else, the floppy drives do not need to be mounted for any user to write data to a disk that has been left in the drive. Depending on the systems setup, this can be a very malicious tool. If the system boots SuSE directly from a floppy disk, chances are the disk is left in the drive while the system is up. If a user were to log on, and decide to use 'dd' (amongst a variety of other tools, or even just a 'cat FILE > /dev/fd0') the boot floppy would be ruined. A lazy sysadmin who didn't check the logs would not see that the bootdisk had been ruined, and upon reboot, may find himself with a dead box until the disk can be replaced. This is just one scenario where the weak perms on the devices can be dangerous.
I just recently noticed this after installing SuSE 6.3 on one of my systems over a month ago. The permissions on /dev/fd[01] have been checked on several SuSE 6.3 systems and all check out as o+rw. If you are running SuSE 6.3 and have users other than yourself logging in, your best bet is to 'chmod o-rw /dev/fd0'. I cannot think of one good reason why SuSE would have set permissions on /dev/fd[01] so weak. If you can give any suggestions or feedback, an e-mail would be appreciated.
-- Bryan Hughes init@crashdot.org
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
There's always the "write-protect" tab on the diskette though. Les Catterall --------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com