/dev/random and /dev/urandom world writeable
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
linux (Ubuntu) | Invalid | Low | Unassigned | |
makedev (Debian) | Fix Released | Unknown | | |
manpages (Ubuntu) | Fix Released | Low | Unassigned | |
Bug Description
It looks like in 14.04.1 that /dev/random and /dev/urandom are world-writeable. This occurs in at least 14.04.1 Desktop for AMD64 and Server for i386.
$ ls -l /dev/*random
crw-rw-rw- 1 root root 1, 8 Nov 25 10:44 /dev/random
crw-rw-rw- 1 root root 1, 9 Nov 25 10:44 /dev/urandom
As far as I know, they should be 664 or 644.
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: base-files 7.2ubuntu5.1
ProcVersionSign
Uname: Linux 3.13.0-40-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.5
Architecture: amd64
CurrentDesktop: Unity
Date: Sun Nov 30 12:06:43 2014
Dependencies:
InstallationDate: Installed on 2014-10-26 (34 days ago)
InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2)
SourcePackage: base-files
UpgradeStatus: No upgrade log present (probably fresh install)
affects: base-files (Ubuntu) → udev (Ubuntu)
Changed in makedev (Debian):
status: Unknown → Fix Released
udev doesn't change permissions on these devices, that's a kernel default (devtmpfs). However, why is that bad? As far as I know, the devices are writable for non-root users so that you can have userspace daemons like haveged for additional entropy data (but not increase it -- that's a separate ioctl(RNDADDENTROPY) which is limited to root, so that users can't make entropy any worse). So I think this is by design, but I keep this open in case you see an actual issue here? Thanks!
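The distinction drawn in the comment above can be checked on a given machine with the following added example, which is not part of the original bug report or of any Ubuntu package: it reports each device's mode, performs a plain write(), and then attempts ioctl(RNDADDENTROPY) to see whether the caller is allowed to use the crediting interface. It assumes a Linux system with the kernel headers installed; the helper names (is_world_writable, mix_bytes, try_credit) are made up for this illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <linux/random.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <unistd.h>

enum credit_result { CREDIT_DENIED, CREDIT_ALLOWED, CREDIT_UNKNOWN };
/* 1 if the mode bits grant write access to "other" (the last 'w' in crw-rw-rw-). */
int is_world_writable(mode_t mode) { return (mode & S_IWOTH) != 0; }

/* Plain write(): bytes are mixed into the pool. Returns bytes written, or -1. */
ssize_t mix_bytes(const char *path, const void *buf, size_t len) {
    int fd = open(path, O_WRONLY);
    if (fd < 0) return -1;
    ssize_t n = write(fd, buf, len);
    close(fd);
    return n;
}

/* ioctl(RNDADDENTROPY) can also credit entropy; we ask for 0 bits, so nothing is credited. */
enum credit_result try_credit(const char *path) {
    enum credit_result res = CREDIT_UNKNOWN;
    struct rand_pool_info *req = calloc(1, sizeof *req + sizeof(__u32));
    int fd = open(path, O_WRONLY);
    if (req && fd >= 0) {
        req->entropy_count = 0;            /* bits to credit */
        req->buf_size = sizeof(__u32);     /* bytes in req->buf (zeroed) */
        if (ioctl(fd, RNDADDENTROPY, req) == 0) res = CREDIT_ALLOWED;
        else if (errno == EPERM) res = CREDIT_DENIED;
    }
    if (fd >= 0) close(fd);
    free(req);
    return res;
}

int main(void) {
    static const char *names[] = { "denied", "allowed", "unknown" };
    const char *devs[] = { "/dev/random", "/dev/urandom" };
    for (int i = 0; i < 2; i++) {
        struct stat st;
        if (stat(devs[i], &st) != 0) { perror(devs[i]); continue; }
        printf("%s mode=%04o world-writable=%d write()=%zd RNDADDENTROPY=%s\n",
               devs[i], (unsigned)(st.st_mode & 07777), is_world_writable(st.st_mode),
               mix_bytes(devs[i], "seed", 4), names[try_credit(devs[i])]);
    }
    return 0;
}
```

Run as an unprivileged user, the expected pattern on a system matching the report is a successful write() together with RNDADDENTROPY reported as denied.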