Mailinglist Archive: opensuse-security (195 mails)

Re: [suse-security] possible security problem with weak perms on /dev/fd[01] in suse6.3 distro
  • From: Les Catterall <catterau@xxxxxxxxxxx>
  • Date: Wed, 29 Mar 2000 11:41:59 +1000
  • Message-id: <38E15F67.1E58FC8E@xxxxxxxxxxx>
techno@xxxxxxxxxxxxx wrote:
>
> Hi. I thought I would notify you of my findings on a possible security
> problem within suse 6.3. Below is an excerpt about /dev/fd[01] permissions
> that I wrote a few days ago. I'm not sure if this has been noticed
> before. If not, I hope the information does you some good. I'd appreciate
> any responses on the matter that you can give, thanks :).
>
> [cut]
>
> Out of the box, SuSE 6.3 allows global rw access on the primary and
> secondary floppy drive (/dev/fd0 and /dev/fd1). Because devices can be
> written to directly, just like anything else, the floppy drives do not
> need to be mounted for any user to write data to a disk that has been
> left in the drive. Depending on the system's setup, this can be a very
> malicious tool. If the system boots SuSE directly from a floppy disk,
> chances are the disk is left in the drive while the system is up. If a
> user were to log on, and decide to use 'dd' (amongst a variety of other
> tools, or even just a 'cat FILE > /dev/fd0') the boot floppy would be
> ruined. A lazy sysadmin who didn't check the logs would not see that the
> bootdisk had been ruined, and upon reboot, may find himself with a dead
> box until the disk can be replaced. This is just one scenario where the
> weak perms on the devices can be dangerous.
>
> I just recently noticed this after installing SuSE 6.3 on one of my
> systems over a month ago. The permissions on /dev/fd[01] have been
> checked on several SuSE 6.3 systems and all check out as o+rw. If you
> are running SuSE 6.3 and have users other than yourself logging in, your
> best bet is to 'chmod o-rw /dev/fd0'. I cannot think of one good reason
> why SuSE would have set permissions on /dev/fd[01] so weak. If you can
> give any suggestions or feedback, an e-mail would be appreciated.
>
> -- Bryan Hughes
> init@xxxxxxxxxxxx
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx

There's always the "write-protect" tab on the diskette though.

Les Catterall
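
A check for the condition discussed in this thread, as an added example that is not part of either message: it reports whether "other" has read or write access to a device node. The function names other_rw and audit_other_rw are made up for this sketch; the default paths are the two devices named above.

```shell
#!/bin/sh
# Added example (not from the thread): audit paths for o+r / o+w bits.

# other_rw PATH: print "r", "w", "rw" or "" for the access granted to
# "other"; return 1 if PATH does not exist.
other_rw() {
    mode=$(ls -ld -- "$1" 2>/dev/null | cut -c1-10)
    [ -n "$mode" ] || return 1
    bits=""
    # Characters 8 and 9 of the ls mode string are other-read/other-write.
    if [ "$(printf '%s' "$mode" | cut -c8)" = "r" ]; then bits="r"; fi
    if [ "$(printf '%s' "$mode" | cut -c9)" = "w" ]; then bits="${bits}w"; fi
    printf '%s' "$bits"
}

# audit_other_rw PATH...: one line per path; return 1 if any path is
# readable or writable by "other", 0 otherwise.
audit_other_rw() {
    weak=0
    for dev in "$@"; do
        if ! bits=$(other_rw "$dev"); then
            echo "SKIP $dev (not present)"
        elif [ -n "$bits" ]; then
            echo "WEAK $dev (other has: $bits)"
            weak=1
        else
            echo "OK   $dev"
        fi
    done
    return "$weak"
}

# With no arguments, check the two floppy devices named in the thread.
if [ "$#" -eq 0 ]; then set -- /dev/fd0 /dev/fd1; fi
audit_other_rw "$@" || echo "tighten with: chmod o-rw <device>"
```

Running it again after the 'chmod o-rw' suggested in the quoted message should turn a WEAK line into OK.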
