[Secure-testing-team] Bug#823089: Makes USB SDR devices world-read/writable
Ben Hutchings
ben at decadent.org.uk
Sat Apr 30 15:25:12 UTC 2016
Package: librtlsdr0
Version: 0.5.3-5
Severity: grave
Tags: security
librtlsdr0 installs udev rules that set the permission bits for
supported devices to 0666.
*** NEVER, EVER DO THIS! ***
All you should do is to set ENV{ID_SOFTWARE_RADIO}=1. Then udev will
give all local users access to these devices (see the rule at the end
of /lib/udev/rules.d/70-uaccess.rules).
Ben.
-- System Information:
Debian Release: stretch/sid
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.5.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
More information about the Secure-testing-team
mailing list