/dev/random and /dev/urandom world writeable

Bug #1397652 reported by Lars Noodén
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Invalid
Low
Unassigned
makedev (Debian)
Fix Released
Unknown
manpages (Ubuntu)
Fix Released
Low
Unassigned

Bug Description

It looks like in 14.04.1 that /dev/random and /dev/urandom are world-writeable. This occurs in at least 14.04.1 Desktop for AMD64 and Server for i386

$ ls -l /dev/*random
crw-rw-rw- 1 root root 1, 8 Nov 25 10:44 /dev/random
crw-rw-rw- 1 root root 1, 9 Nov 25 10:44 /dev/urandom

As far as I know, they should be 664 or 644.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: base-files 7.2ubuntu5.1
ProcVersionSignature: Ubuntu 3.13.0-40.69-generic 3.13.11.10
Uname: Linux 3.13.0-40-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.5
Architecture: amd64
CurrentDesktop: Unity
Date: Sun Nov 30 12:06:43 2014
Dependencies:

InstallationDate: Installed on 2014-10-26 (34 days ago)
InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2)
SourcePackage: base-files
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Lars Noodén (larsnooden) wrote :
affects: base-files (Ubuntu) → udev (Ubuntu)
Revision history for this message
Martin Pitt (pitti) wrote :

udev doesn't change permissions on these devices, that's a kernel default (devtmpfs). However, why is that bad? As far as I know, the devices are writable for non-root users so that you can have usespace daemons like haveged for additional entropy data (but not increase it -- that's a separate ioctl(RNDADDENTROPY) which is limited to root, so that users can't make entropy any worse). So I think this is by design, but I keep this open in case you see an actual issue here? Thanks!

affects: udev (Ubuntu) → linux (Ubuntu)
Changed in linux (Ubuntu):
status: New → Incomplete
tags: added: bot-stop-nagging
Revision history for this message
Lars Noodén (larsnooden) wrote :

Thanks. It is probably my lack of understanding. The manual page for random(4) uses 644 for both and show writing to urandom to set the random seed. But if writing to the devices by non-root users does not reduce the entropy then the original aspect of the bug is invalid, though maybe the man page could use a few words of clarification.

Revision history for this message
Martin Pitt (pitti) wrote :

Yeah, indeed. https://en.wikipedia.org/wiki//dev/random also describes this aspect in more detail (but of course it's not a reference to rely on). Unfortunately the FHS (http://www.pathname.com/fhs/pub/fhs-2.3.html#DEVDEVICEFILES) makes no statement about this at all.

I added a manpages tasks for possibly updating the manpage if the kernel defaults are deliberate.

Changed in linux (Ubuntu):
importance: Undecided → Low
Changed in manpages (Ubuntu):
importance: Undecided → Low
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in manpages (Ubuntu):
status: New → Confirmed
Revision history for this message
Eero (eero+launchpad) wrote :

The man page is a bit confusing as said previously. Even though the configuration section speaks about setting permissions to 644, the following can be found from the description section:

       Writing to /dev/random or /dev/urandom will update the entropy pool
       with the data written, but this will not result in a higher entropy
       count. This means that it will impact the contents read from both
       files, but it will not make reads from /dev/random faster.

Revision history for this message
Michael Kerrisk (mtk-manpages) wrote :

Upstream man-pages maintainer here. This seems to me a man-pages problem, and I've change the relevant text in the man page to:

           mknod -m 666 /dev/random c 1 8
           mknod -m 666 /dev/urandom c 1 9
           chown root:root /dev/random /dev/urandom

Revision history for this message
Martin Pitt (pitti) wrote :

Nice, thanks Michael!

Changed in linux (Ubuntu):
status: Incomplete → Invalid
Revision history for this message
Martin Pitt (pitti) wrote :
Changed in manpages (Ubuntu):
status: Confirmed → Fix Committed
Revision history for this message
Stéphane Aulery (saulery) wrote :

Fixed in next release: manpages 3.82

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package manpages - 4.02-0ubuntu1

---------------
manpages (4.02-0ubuntu1) xenial; urgency=medium

  * New upstream version, including those changes:
    - random.4: Fix permissions shown for the devices (lp: #1397652)
    - resolv.conf.5: Document RES_SNGLKUPREOP (lp: #1110781)
    - proc.5: Document /proc/PID/status VmPin field (lp: #1071746)
  * debian/rules:
    - don't ship attr manpage to avoid conflict with that package

 -- Sebastien Bacher <email address hidden> Wed, 04 Nov 2015 16:05:28 +0100

Changed in manpages (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Christian Kujau (christiank) wrote :

FWIW, Debian #81748 explains why it's safe to have world-writable /dev/{u,}random devices.

Changed in makedev (Debian):
status: Unknown → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.