http://bugzilla.suse.com/show_bug.cgi?id=938659
http://bugzilla.suse.com/show_bug.cgi?id=938659#c41
Johannes Meixner changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dmitry@roshchin.org,
| |security-team@suse.de
Component|Other |Security
--- Comment #41 from Johannes Meixner ---
Dmitry Roshchin,
I did
osc getbinaries openSUSE:Factory android-tools standard i586
and got
android-tools-5.1.1_r8-1.1.i586.rpm
that contains
/usr/lib/udev/rules.d/51-android.rules
--------------------------------------------------------------------------
#egrep -v '^$|^#' /usr/lib/udev/rules.d/51-android.rules
SUBSYSTEM=="usb", ATTR{idVendor}=="0502", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="0b05", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="413c", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="0489", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="04c5", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="04c5", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="091e", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="201E", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="109b", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="0bb4", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="12d1", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="8087", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="24e3", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="2116", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="0482", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="17ef", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="1004", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="22b8", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="0e8d", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="0409", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="2080", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="0955", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="2257", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="10a9", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="1d4d", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="0471", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="04da", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="05c6", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="1f53", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="04e8", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="04dd", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="054c", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="0fce", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="0fce", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="2340", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="0930", TAG+="uaccess"
SUBSYSTEM=="usb", ATTR{idVendor}=="19d2", TAG+="uaccess"
--------------------------------------------------------------------------
As far as I see those rules are in two ways wrong:
1.
They apply unconditionally for all USB devices of those vendors.
When vendors make various kind of USB devices such unconditioned
rules could cause conflicts with other rules that are inteded
for particular kind of USB devices as in this bug here.
2.
They grant unconditionally for all USB devices of those vendors
normal user access (via TAG+="uaccess") and that could be a
severe security issue but I am not a sufficient security expert
to make an educated statement here. Therefore I change the
Bugzilla component to "security" so that our security team could
have a look.
--
You are receiving this mail because:
You are on the CC list for the bug.