Package: udisks
Version: 1.0.0-1+b1
Severity: critical

The udev data is viewable by all users by running:

/sbin/udevadm info --query=all --name=mapper/sdb4_crypt

Not only that, it is written to a a+r file /dev/.udev/db/block:dm-1, which is THANKFULLY on a tmpfs.

So anyone on the system who can read files can read encryption keys.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable'), (100, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-4-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages udisks depends on:
ii  libatasmart4       0.17+git20100219-1      ATA S.M.A.R.T. reading and parsing
ii  libc6              2.10.2-6                Embedded GNU C Library: Shared lib
ii  libdbus-1-3        1.2.20-2                simple interprocess messaging syst
ii  libdbus-glib-1-2   0.84-1                  simple interprocess messaging syst
ii  libdevmapper1.02.  2:1.02.45-1             The Linux Kernel Device Mapper use
ii  libglib2.0-0       2.22.4-1                The GLib library of C routines
ii  libgudev-1.0-0     151-3                   GObject-based wrapper library for
ii  libparted1.8-12    1.8.8.git.2009.07.19-6  The GNU Parted disk partitioning s
ii  libpolkit-backend  0.96-1                  PolicyKit backend API
ii  libpolkit-gobject  0.96-1                  PolicyKit Authorization API
ii  libsgutils2-2      1.28-2                  utilities for working with generic
ii  libudev0           151-3                   libudev shared library
ii  udev               151-3                   /dev/ and hotplug management daemo

Versions of packages udisks recommends:
ii  dosfstools         3.0.9-1                 utilities for making and checking
ii  hdparm             9.27-2                  tune hard disk parameters for high
ii  mtools             4.0.12-1                Tools for manipulating MSDOS files
pn  ntfs-3g            <none>                  (no description available)
pn  ntfsprogs          <none>                  (no description available)
ii  policykit-1        0.96-1                  framework for managing administrat

Versions of packages udisks suggests:
ii  cryptsetup         2:1.1.0-2               configures encrypted block devices
ii  mdadm              3.0.3-2                 tool to administer Linux MD arrays
pn  reiserfsprogs      <none>                  (no description available)
pn  xfsprogs           <none>                  (no description available)

-- no debconf information
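
A defender-side check for the exposure described in the report above, as an added example that is not part of the original bug report or of udisks: it lists world-readable udev database entries that carry a property containing a long hex run, printing only the file and property name, never the value. The function name audit_udev_db and the 32-hex-digit threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original report.
# audit_udev_db DIR
#   Walk a udev database directory (the report names /dev/.udev/db) and
#   print "file: PROPERTY" for every world-readable entry that has a
#   property whose value contains a long run of hex digits.
#   Returns 2 if DIR is not a directory.
audit_udev_db() {
    dir=$1
    [ -d "$dir" ] || return 2

    # -perm -004 matches any mode with the "other: read" bit set,
    # which includes the a+r mode mentioned in the report.
    find "$dir" -type f -perm -004 | sort | while IFS= read -r f; do
        # udev db property lines have the form "E:NAME=value".
        # Assumption: 32 or more consecutive hex digits (128 bits) is
        # treated as possible key material. Only NAME is emitted.
        sed -n 's/^E:\([^=]*\)=.*[0-9A-Fa-f]\{32,\}.*/\1/p' "$f" 2>/dev/null |
            while IFS= read -r prop; do
                printf '%s: %s\n' "$f" "$prop"
            done
    done
}

# Typical call on the layout described in the report:
#   audit_udev_db /dev/.udev/db
```

Matches are candidates for review rather than confirmed keys, since other identifiers can also contain long hex runs.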