Comment 5 for bug 7198

lkcl (lkcl) wrote: Re: Bug#261945: udev has had selinux support removed and now breaks with initrd (i.e. debian)

On Thu, Jul 29, 2004 at 10:21:14AM +0200, Marco d'Itri wrote:

> On Jul 29, Luke Kenneth Casson Leighton <email address hidden> wrote:
>
> > please ask the developer to consider releasing two versions of
> > udev - se_udev and udev.

> Please *you* do, apparently the new system works for red hat and I do

 ha ha, redhat, gotta love them :)

> not know enough about selinux to argue about this.

 hiya marco,

 i have sent a message to _someone_ at least.
 http://harryh.homelinux.org/index.php?p=15

 i apologise for the message, i cut/paste the message to
 harry and it was late (about 2:30am) and i missed a bit.

 so yes, i have done.

 gentoo, who are concerned about security, have decided to pull udev
 from their distribution because of this one.

 i juuuuussst managed to get udev 0.030 to work under debian:
 i had to pull a couple of hacks but if gentoo aren't happy with
 udev 0.030 i'd rather know what's going on.

 do you happen to know: is it possible for other programs to start
 accessing device files created by udev BEFORE the
 /etc/dev.d/default/selinux stuff gets a look-in?

 i.e. is there a chance that during creation of, say /dev/usbtts0,
 a dialup modem program could be fired off by hotplug and try to
 access /dev/usbtts0 _before_ the SE/Linux permissions have been set?

 because if so (and the same problem is not present in 0.024) then
 the removal of the udev_selinux program needs to be reverted.

 if that's not a clear enough question, then please substitute, oh,
 i dunno... something else for udev_selinux and for
 /etc/dev.d/default/selinux because it's a generic issue of a possible
 race condition in the design of udev.

 l.

--
--
Information I post is with honesty, integrity, and the expectation that
you will take full responsibility if acting on the information contained,
and that, should you find it to be flawed or even mildly useful, you
will act with both honesty and integrity in return - and tell me.
--
http://lkcl.net
<email address hidden>
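
The generic create-then-label window the message asks about, as an added example that is not part of the original message and is not udev code: it uses ordinary permission bits as a stand-in for the SELinux context and compares the state other processes can see when the security attributes are applied in a second step with the state they see when the creating call applies them. The function names and the scratch path under /tmp are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>
/* Permission bits any other process would see right now, or -1 on error. */
static int visible_mode(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Pattern A: create first, tighten in a later step. Returns the mode visible in between. */
int create_then_restrict(const char *path, mode_t final_mode) {
    mode_t old = umask(0);
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0666);
    umask(old);
    if (fd < 0) return -1;
    close(fd);
    int window = visible_mode(path);              /* a concurrent open() sees this */
    if (chmod(path, final_mode) != 0) return -1;  /* the late "hook" step */
    return window;
}

/* Pattern B: the creating call applies the final policy. Returns the first visible mode. */
int create_restricted(const char *path, mode_t final_mode) {
    mode_t old = umask(0);
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, final_mode);
    umask(old);
    if (fd < 0) return -1;
    close(fd);
    return visible_mode(path);
}

/* Runs both patterns in a scratch directory (constructed path). Returns 0 on success. */
int demo(int *window_a, int *first_b) {
    char dir[64], a[80], b[80];
    snprintf(dir, sizeof dir, "/tmp/node-race-%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0) return -1;
    snprintf(a, sizeof a, "%s/a", dir); snprintf(b, sizeof b, "%s/b", dir);
    *window_a = create_then_restrict(a, 0600);
    *first_b = create_restricted(b, 0600);
    int final_a = visible_mode(a);
    unlink(a); unlink(b); rmdir(dir);
    return final_a == 0600 ? 0 : -1;
}

int main(void) {
    int wa, fb, rc = demo(&wa, &fb);
    if (rc == 0) printf("two-step window: %04o, single-step first state: %04o\n", wa, fb);
    return rc != 0;
}
```

With libselinux, the single-step analogue is to set the file-creation context with setfscreatecon() before the node is created, so that no unlabeled intermediate state is ever visible.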