Mailinglist Archive: opensuse-security (195 mails)

< Previous Next >
possible security problem with weak perms on /dev/fd[01] in suse 6.3 distro
  • From: techno@xxxxxxxxxxxxx
  • Date: Tue, 28 Mar 2000 19:49:12 -0500 (EST)
  • Message-id: <Pine.LNX.4.20.0003281947440.24917-100000@xxxxxxxxxxxxxxxxxxxxxx>
Hi. I thought I would notify you of my findings on a possible security
problem within suse 6.3. Below is an excerpt about /dev/fd[01] permissions
that I wrote a few days ago. I'm not sure if this has been noticed
before. If not, I hope the information does you some good. I'd appreciate
any responses on the matter that you can give, thanks :).

[cut]

Out of the box, SuSE 6.3 allows global rw access on the primary and
secondary floppy drive (/dev/fd0 and /dev/fd1). Because devices can be
written to directly, just like anything else, the floppy drives do not
need to be mounted for any user to write data to a disk that has been
left in the drive. Depending on the systems setup, this can be a very
malicious tool. If the system boots SuSE directly from a floppy disk,
chances are the disk is left in the drive while the system is up. If a
user were to log on, and decide to use 'dd' (amongst a variety of other
tools, or even just a 'cat FILE > /dev/fd0') the boot floppy would be
ruined. A lazy sysadmin who didn't check the logs would not see that the
bootdisk had been ruined, and upon reboot, may find himself with a dead
box until the disk can be replaced. This is just one scenario where the
weak perms on the devices can be dangerous.

I just recently noticed this after installing SuSE 6.3 on one of my
systems over a month ago. The permissions on /dev/fd[01] have been
checked on several SuSE 6.3 systems and all check out as o+rw. If you
are running SuSE 6.3 and have users other than yourself logging in, your
best bet is to 'chmod o-rw /dev/fd0'. I cannot think of one good reason
why SuSE would have set permissions on /dev/fd[01] so weak. If you can
give any suggestions or feedback, an e-mail would be appreciated.


-- Bryan Hughes
init@xxxxxxxxxxxx



< Previous Next >