Mailinglist Archive: opensuse-security (195 mails)

< Previous Next >
Re: [suse-security] possible security problem with weak perms on /dev/fd[01] in suse6.3 distro
  • From: Fred Mobach <fred@xxxxxxxxx>
  • Date: Wed, 29 Mar 2000 08:57:15 +0200
  • Message-id: <38E1A94B.FF7FA5BE@xxxxxxxxx>
techno@xxxxxxxxxxxxx wrote:

> Out of the box, SuSE 6.3 allows global rw access on the primary and
> secondary floppy drive (/dev/fd0 and /dev/fd1). Because devices can be
> written to directly, just like anything else, the floppy drives do not
> need to be mounted for any user to write data to a disk that has been
> left in the drive. Depending on the systems setup, this can be a very
> malicious tool. If the system boots SuSE directly from a floppy disk,
> chances are the disk is left in the drive while the system is up. If a
> user were to log on, and decide to use 'dd' (amongst a variety of other
> tools, or even just a 'cat FILE > /dev/fd0') the boot floppy would be
> ruined. A lazy sysadmin who didn't check the logs would not see that the
> bootdisk had been ruined, and upon reboot, may find himself with a dead
> box until the disk can be replaced. This is just one scenario where the
> weak perms on the devices can be dangerous.

The permissions on SuSE 6.1 are :
brw-rw-rw- 1 root disk 2, 0 Apr 15 1999 /dev/fd0
brw-rw-rw- 1 root disk 2, 1 Apr 15 1999 /dev/fd1

And on SuSE 6.3 :
brw-rw---- 1 root disk 2, 0 Nov 15 1999 /dev/fd0
brw-rw---- 1 root disk 2, 1 Nov 15 1999 /dev/fd1

If a system administrator wants to boot a system from floppy disk he would
make the floppy disk read-only, isn't it ? However, you are indeed correct
that a lazy sysadmin would ruin his system, anyway ;-).

Regards,

Fred Mobach
fred at mobach.nl




< Previous Next >
References