Computer Security

Archive : 1999 : october : kdewm
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku





Window manager - implementation bug/feature ???




Window manager - implementation bug/feature ???






=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


 Date: Чт, 07 окт 1999  08:25:01

   От: Mithun Bhattacharya <mithun@ZDNETONEBOX.COM>

 Кому: VULN-DEV@SECURITYFOCUS.COM

 Тема: Window manager - implementation bug/feature ???

--------------------------------------------------------------------------------




Hi,



I noticed something interesting which I am not sure whether it is the way things should be.



I have installed Redhat 6.0 for Intel with KDE (this works for Gnome too).

--------------------------------

[root@localhost mithun]# uname -a

Linux localhost.localdomain 2.2.5-15 #1 Mon Apr 19 21:39:28 EDT 1999 i686 unknown

[root@localhost mithun]# rpm -q kdebase

kdebase-1.1.1pre2-2

--------------------------------

Next I created a non-priviledged user "mithun" using useradd and logged in using that userid.



After this I do a su to change to root and fire up X-windows. Now I open a Kconsole and do

ls -l /dev | grep mithun

and this is what I get (I get somthing simillar in case of Gnome too - I haven't checked AnotherLevel for this)

----------------------------

crw-------   1 mithun   sys       14,   4 Apr 18 01:23 audio

crw-------   1 mithun   sys       14,  20 Apr 18 01:23 audio1

crw-------   1 mithun   sys       14,   3 Apr 18 01:23 dsp

crw-------   1 mithun   sys       14,  19 Apr 18 01:23 dsp1

crw-------   1 mithun   root      29,   0 Apr 12 21:12 fb0

crw-------   1 mithun   root      29,  32 Apr 12 21:12 fb1

crw-------   1 mithun   root      29,  64 Apr 12 21:17 fb2

crw-------   1 mithun   root      29,  96 Apr 12 21:17 fb3

crw-------   1 mithun   root      29, 128 Apr 12 21:17 fb4

crw-------   1 mithun   root      29, 160 Apr 12 21:17 fb5

crw-------   1 mithun   root      29, 192 Apr 12 21:17 fb6

crw-------   1 mithun   root      29, 224 Apr 12 21:18 fb7

brw-------   1 mithun   floppy     2,   0 May  6  1998 fd0

brw-------   1 mithun   floppy     2,  12 May  6  1998 fd0D360

brw-------   1 mithun   floppy     2,  16 May  6  1998 fd0D720

brw-------   1 mithun   floppy     2,  28 May  6  1998 fd0H1440

brw-------   1 mithun   floppy     2,  12 May  6  1998 fd0H360

brw-------   1 mithun   floppy     2,  16 May  6  1998 fd0H720

brw-------   1 mithun   floppy     2,   4 May  6  1998 fd0d360

brw-------   1 mithun   floppy     2,   8 May  6  1998 fd0h1200

brw-------   1 mithun   floppy     2,  20 May  6  1998 fd0h360

brw-------   1 mithun   floppy     2,  24 May  6  1998 fd0h720

brw-------   1 mithun   floppy     2,   1 May  6  1998 fd1

brw-------   1 mithun   floppy     2,  13 May  6  1998 fd1D360

brw-------   1 mithun   floppy     2,  17 May  6  1998 fd1D720

brw-------   1 mithun   floppy     2,  29 May  6  1998 fd1H1440

brw-------   1 mithun   floppy     2,  13 May  6  1998 fd1H360

brw-------   1 mithun   floppy     2,  17 May  6  1998 fd1H720

brw-------   1 mithun   floppy     2,   5 May  6  1998 fd1d360

brw-------   1 mithun   floppy     2,   9 May  6  1998 fd1h1200

brw-------   1 mithun   floppy     2,  21 May  6  1998 fd1h360

brw-------   1 mithun   floppy     2,  25 May  6  1998 fd1h720

brw-------   1 mithun   disk      22,   0 May  6  1998 hdc

crw-------   1 mithun   root      15,   0 Apr 16 11:37 js0

crw-------   1 mithun   root      15,   1 Apr 16 11:37 js1

crw-------   1 mithun   root      15,   2 Apr 16 11:37 js2

crw-------   1 mithun   root      15,   3 Apr 16 11:37 js3

crw-------   1 mithun   sys       35,   0 Apr 18 01:23 midi0

crw-------   1 mithun   sys       14,   2 Apr 18 01:23 midi00

crw-------   1 mithun   sys       14,  18 Apr 18 01:23 midi01

crw-------   1 mithun   sys       14,  34 Apr 18 01:23 midi02

crw-------   1 mithun   sys       14,  50 Apr 18 01:23 midi03

crw-------   1 mithun   sys       35,   1 Apr 18 01:23 midi1

crw-------   1 mithun   sys       35,   2 Apr 18 01:23 midi2

crw-------   1 mithun   sys       35,   3 Apr 18 01:23 midi3

crw-------   1 mithun   sys       14,   0 Apr 18 01:23 mixer

crw-------   1 mithun   sys       14,  16 Apr 18 01:23 mixer1

crw-------   1 mithun   sys       14,   1 Apr 18 01:23 sequencer

crw--w----   1 mithun   tty        4,   1 Oct  5 18:01 tty1

crw--w----   1 mithun   tty        7,   1 May  6  1998 vcs1

crw--w----   1 mithun   tty        7, 129 May  6  1998 vcsa1

----------------------------

I come out of X-Windows and logout completely. After this I login  as root and start X-Windows and now everything under /dev is owned by root. What I can't understand is that why would devices like /dev/hdc (my cd drive !!!) , /dev/fd0 (my floppy drive) suddenly become owned by a non-priviledged user just because I ran X-Windows.



Since remote root login is not allowed every superuser would be having a non-priviledged account on the system just in case he cant physically access the machine - so my scenario isn't exactly out of this world.



Ofcourse from my point of view nothing in the /dev directory should be owned by a non-priviledged user (other than maybe the /dev/vcs* files and maybe /dev/tty??). Maybe I am wrong but I would really like to know what exactly is happening here.







Regards

Mithun



___________________________________________________________________

To get your own FREE ZDNet onebox - FREE voicemail, email, and fax,

all in one place - sign up today at http://www.zdnetonebox.com
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru