/dev/nvidia* is world writable

Bug #979307 reported by Kees Cook
This bug affects 3 people
Affects: nvidia-graphics-drivers (Ubuntu)
Status: Triaged
Importance: High
Assigned to: Unassigned

Bug Description

Leaving /dev/nvidia* world-writable exposes systems to future vulnerabilities even from remote users. This file should be limited to the console user instead (usually done with dynamic file ACLs).

Kees Cook (kees)
visibility: private → public
Alex Murray (alexmurray) wrote :
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in nvidia-graphics-drivers (Ubuntu):
status: New → Confirmed
Maarten Lankhorst (mlankhorst) wrote :

Easy workaround would be to change /lib/udev/rules.d/50-udev-default.rules:

KERNEL=="nvidia*|nvidiactl*", GROUP="video", MODE="0660"

However, that requires the current user to be in the video group, and that will probably cause a lot of issues on its own, since by default users are not part of the video group, and it is probably not a change you want to push except in a next major release.

Bryce Harrington (bryce)
Changed in nvidia-graphics-drivers (Ubuntu):
status: Confirmed → Triaged
importance: Undecided → High
Changed in nvidia-graphics-drivers (Ubuntu):
assignee: nobody → Marc Deslauriers (mdeslaur)
Marc Deslauriers (mdeslaur) wrote :

How about adding nvidia* to /lib/udev/rules.d/70-udev-acl.rules and getting permissions added by consolekit?

Marc Deslauriers (mdeslaur) wrote :

OK, using udev doesn't work, as the device nodes and permissions are created by the binary driver when X starts.

See:
http://us.download.nvidia.com/XFree86/Linux-x86/295.59/README/faq.html

Marc Deslauriers (mdeslaur) wrote :
Changed in nvidia-graphics-drivers (Ubuntu):
assignee: Marc Deslauriers (mdeslaur) → nobody
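
A check for the condition this report describes, as an added example that is not part of the original thread or of the driver: it lists nvidia* nodes in a directory and flags any that are world-accessible or looser than the GROUP="video", MODE="0660" policy from the workaround comment. The function name and the require_chardev switch (which lets it run against ordinary files) are assumptions made for this example.

```python
import fnmatch
import grp
import os
import stat


def audit_nvidia_nodes(dev_dir="/dev", want_mode=0o660, want_group="video",
                       require_chardev=True):
    """Return one finding per nvidia* node in dev_dir, with any policy issues."""
    findings = []
    for name in sorted(os.listdir(dev_dir)):
        if not fnmatch.fnmatch(name, "nvidia*"):
            continue
        path = os.path.join(dev_dir, name)
        st = os.lstat(path)  # do not follow symlinks planted in dev_dir
        if require_chardev and not stat.S_ISCHR(st.st_mode):
            continue  # real /dev nodes are character devices
        mode = stat.S_IMODE(st.st_mode)
        try:
            group = grp.getgrgid(st.st_gid).gr_name
        except KeyError:
            group = str(st.st_gid)  # gid with no group entry
        issues = []
        if mode & stat.S_IWOTH:
            issues.append("world-writable")
        if mode & stat.S_IROTH:
            issues.append("world-readable")
        if mode & ~want_mode:
            issues.append("mode exceeds %04o" % want_mode)
        if want_group is not None and group != want_group:
            issues.append("group is %s, not %s" % (group, want_group))
        findings.append({"path": path, "mode": "%04o" % mode,
                         "group": group, "issues": issues})
    return findings


if __name__ == "__main__":
    for f in audit_nvidia_nodes():
        status = "; ".join(f["issues"]) or "ok"
        print("%s %s %s: %s" % (f["path"], f["mode"], f["group"], status))
```

Because the binary driver creates the nodes and their permissions when X starts, run the check after the X server is up rather than at boot.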