Bug#1024998: g810-led: Security risk: Leaves /dev/input/event* with read and write permissions for all users

Mon, 28 Nov 2022 07:03:21 -0800 

Package: g810-led
Version: 0.4.2-2.1
Severity: critical
Tags: patch upstream security
Justification: root security hole
X-Debbugs-Cc: xdru...@tinet.cat, Debian Security Team <t...@security.debian.org>

Dear Maintainer,

I hesitate to file as critical, but I came across a bug report in
upstream that looked serious enough since it would allow all local
processes to eavesdrop on keyboard input, including passwords, etc. I
haven't tried an exploit, but it seemed better to just restrict
/dev/input/event* permissions to those of other event dev files.

Without this patch, I can read /dev/input/event2 and /dev/input/event3 as a
normal user. I see bytes in /dev/input/event2 when typing as a normal
user and also typing in another terminal (Konsole) typing as
root. event3 only shows the characters typed by the normal user.

With the patch I can't read /dev/input/event* as a normal user.

And the bug is publically reported upstream (some 10 days ago).

   * What led up to the situation?

Reviewing upstream bugs, found https://github.com/MatMoul/g810-led/issues/293

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

Nothing really. I wrote the patch, rebuilt, and observed the
permissions were fixed. My keyboard seems to work both with and
without the patch (needs a kernel with CONFIG_HIDRAW), when calling
g810-led as root. As normal user it doesn't work (both with or without
patch), due to no permission for /dev/hidraw2.

It should really be fixed upstream, but maybe it's worth fixing meanwhile
or removing the package temporarily ?

-- System Information:
Debian Release: 11.5
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: arm64 (aarch64)

Kernel: Linux 5.19.4-gnu-eowyn21so-gc9d5f2140717-dirty (SMP w/6 CPU threads; 
PREEMPT)
Kernel taint flags: TAINT_CRAP
Locale: LANG=ca_ES.UTF-8, LC_CTYPE=ca_ES.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages g810-led depends on:
ii  libc6         2.31-13+deb11u4
ii  libg810-led0  0.4.2-2.1
ii  libgcc-s1     10.2.1-6
ii  libstdc++6    10.2.1-6

g810-led recommends no packages.

g810-led suggests no packages.

-- Configuration Files:
/etc/g810-led/profile changed [not included]

-- no debconf information

*** 
/home/xdrudis/g810-led/debian/patches/correct_permissions_in_event_device_files.patch
--- a/udev/g810-led.rules
+++ b/udev/g810-led.rules
@@ -1,25 +1,25 @@
-ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c336", MODE="666" RUN+="/usr/bin/g213-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c330", MODE="666" RUN+="/usr/bin/g410-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c33a", MODE="666" RUN+="/usr/bin/g413-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c342", MODE="666" RUN+="/usr/bin/g512-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c33c", MODE="666" RUN+="/usr/bin/g513-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c333", MODE="666" RUN+="/usr/bin/g610-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c338", MODE="666" RUN+="/usr/bin/g610-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c331", MODE="666" RUN+="/usr/bin/g810-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c337", MODE="666" RUN+="/usr/bin/g810-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c33f", MODE="666" RUN+="/usr/bin/g815-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c32b", MODE="666" RUN+="/usr/bin/g910-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c335", MODE="666" RUN+="/usr/bin/g910-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c339", MODE="666" RUN+="/usr/bin/gpro-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c336", MODE="666" RUN+="/usr/bin/g213-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c330", MODE="666" RUN+="/usr/bin/g410-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c33a", MODE="666" RUN+="/usr/bin/g413-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c342", MODE="666" RUN+="/usr/bin/g512-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c33c", MODE="666" RUN+="/usr/bin/g513-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c333", MODE="666" RUN+="/usr/bin/g610-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c338", MODE="666" RUN+="/usr/bin/g610-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c331", MODE="666" RUN+="/usr/bin/g810-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c337", MODE="666" RUN+="/usr/bin/g810-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c32b", MODE="666" RUN+="/usr/bin/g910-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c335", MODE="666" RUN+="/usr/bin/g910-led -p 
/etc/g810-led/profile"
-ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c339", MODE="666" RUN+="/usr/bin/gpro-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c336", MODE="660" RUN+="/usr/bin/g213-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c330", MODE="660" RUN+="/usr/bin/g410-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c33a", MODE="660" RUN+="/usr/bin/g413-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c342", MODE="660" RUN+="/usr/bin/g512-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c33c", MODE="660" RUN+="/usr/bin/g513-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c333", MODE="660" RUN+="/usr/bin/g610-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c338", MODE="660" RUN+="/usr/bin/g610-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c331", MODE="660" RUN+="/usr/bin/g810-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c337", MODE="660" RUN+="/usr/bin/g810-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c33f", MODE="660" RUN+="/usr/bin/g815-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c32b", MODE="660" RUN+="/usr/bin/g910-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c335", MODE="660" RUN+="/usr/bin/g910-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEMS=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c339", MODE="660" RUN+="/usr/bin/gpro-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c336", MODE="660" RUN+="/usr/bin/g213-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c330", MODE="660" RUN+="/usr/bin/g410-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c33a", MODE="660" RUN+="/usr/bin/g413-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c342", MODE="660" RUN+="/usr/bin/g512-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c33c", MODE="660" RUN+="/usr/bin/g513-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c333", MODE="660" RUN+="/usr/bin/g610-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c338", MODE="660" RUN+="/usr/bin/g610-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c331", MODE="660" RUN+="/usr/bin/g810-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c337", MODE="660" RUN+="/usr/bin/g810-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c32b", MODE="660" RUN+="/usr/bin/g910-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c335", MODE="660" RUN+="/usr/bin/g910-led -p 
/etc/g810-led/profile"
+ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="046d", 
ATTRS{idProduct}=="c339", MODE="660" RUN+="/usr/bin/gpro-led -p 
/etc/g810-led/profile"

Reply via email to