← Back to team overview

kernel-packages team mailing list archive

[Bug 1397652] Re: /dev/random and /dev/urandom world writeable

 

udev doesn't change permissions on these devices, that's a kernel
default (devtmpfs). However, why is that bad? As far as I know, the
devices are writable for non-root users so that you can have usespace
daemons like haveged for additional entropy data (but not increase it --
that's a separate ioctl(RNDADDENTROPY) which is limited to root, so that
users can't make entropy any worse). So I think this is by design, but I
keep this open in case you see an actual issue here? Thanks!

** Package changed: udev (Ubuntu) => linux (Ubuntu)

** Changed in: linux (Ubuntu)
       Status: New => Incomplete

** Tags added: bot-stop-nagging

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1397652

Title:
  /dev/random and /dev/urandom world writeable

Status in linux package in Ubuntu:
  Incomplete

Bug description:
  It looks like in 14.04.1 that /dev/random and /dev/urandom are world-
  writeable.  This occurs in at least 14.04.1 Desktop for AMD64 and
  Server for i386

  $ ls -l /dev/*random 
  crw-rw-rw- 1 root root 1, 8 Nov 25 10:44 /dev/random
  crw-rw-rw- 1 root root 1, 9 Nov 25 10:44 /dev/urandom

  As far as I know, they should be 664 or 644.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: base-files 7.2ubuntu5.1
  ProcVersionSignature: Ubuntu 3.13.0-40.69-generic 3.13.11.10
  Uname: Linux 3.13.0-40-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.5
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Sun Nov 30 12:06:43 2014
  Dependencies:
   
  InstallationDate: Installed on 2014-10-26 (34 days ago)
  InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2)
  SourcePackage: base-files
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1397652/+subscriptions