LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

A privilege escalation flaw in udev

A privilege escalation flaw in udev

Posted Apr 23, 2009 11:52 UTC (Thu) by etienne_lorrain@yahoo.fr (guest, #38022)
In reply to: A privilege escalation flaw in udev by nix
Parent article: A privilege escalation flaw in udev

> Can anyone think of a reason why mknod() allows *anyone*
> to create device nodes outside /dev?

How would you ask ioctl like BLKBSZGET, BLKSSZGET, BLKGETSIZE,
BLKGETSIZE64, HDIO_GETGEO_BIG, to the file system which contains
a file given as parameter?
As an example:
http://www.mirrorservice.org/sites/download.sourceforge.n...

There is maybe a better solution (without having to guess the mount
point *name*) - I am listening...

(Log in to post comments)

A privilege escalation flaw in udev

Posted Apr 23, 2009 13:56 UTC (Thu) by nix (subscriber, #2304) [Link]

This looks like a reason why a /sys/block entry containing a device node for each device rather than just a textual representation of (major, minor) might be useful: but that was already rejected :/

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds