Bug 118051 - kdm should not read /dev/mem
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: kdebase
Version: rawhide
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Than Ngo
QA Contact: Ben Levenson
Duplicates: 118123
Blocks: FC2Blocker
Reported: 2004-03-11 14:59 UTC by Aleksey Nogin
Modified: 2007-11-30 22:10 UTC (History)
Doc Type: Bug Fix
Last Closed: 2004-05-01 13:23:40 UTC
Type: ---
Description Aleksey Nogin 2004-03-11 14:59:51 UTC
I am seeing the following message:

Mar 11 04:20:29 dell kernel: audit(1079007629.554:0): avc:  denied  { read } for  pid=2098 exe=/usr/bin/kdm name=mem dev=hda2 ino=2683359 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:memory_device_t tclass=chr_file
 
According to Russell Coker
 
> That's a bug in kdm.  It should use /dev/random instead.  Reading
> arbitrary kernel memory as a source of random numbers is bogus anyway.

Comment 1 Aleksey Nogin 2004-03-12 06:21:17 UTC
*** Bug 118123 has been marked as a duplicate of this bug. ***

Comment 2 Aleksey Nogin 2004-04-15 07:26:04 UTC
I have looked at the code a bit. In order for this to work correctly,
the kdm/backend/genauth.c file has to be compiled with DEV_RANDOM
define set to "/dev/urandom". Configure creates kdm/backend/Imakefile
that contains the following:
#ifdef RandomDefines
RANDOM_DEFINES = RandomDefines
#elif defined(OpenBSDArchitecture)
RANDOM_DEFINES = -DARC4_RANDOM
#elif defined(LinuxArchitecture)
RANDOM_DEFINES = -DDEV_RANDOM=\"/dev/urandom\"
#elif defined(NetBSDArchitecture) && \
  ((OSMajorVersion > 1) || \
   (OSMajorVersion == 1 && OSMinorVersion > 3))
RANDOM_DEFINES = -DDEV_RANDOM=\"/dev/urandom\"
#endif

However, the  -DDEV_RANDOM=\"/dev/urandom\"  never makes it into the
actual Makefile.

P.S. A possible workaround is to add the "RandomDevice=/dev/urandom"
line to the "General" section of the kdmrc.

P.P.S. The same bug exists in xdm (not surprisingly - it appears that
the code was borrowed from xdm originally) - see bug 120914.

P.P.P.S. kdm complains "Cannot read randomFile "/dev/mem"; X cookies
may be easily guessable" because of this, so I guess this makes it a
security problem.

Comment 3 Than Ngo 2004-05-01 13:23:40 UTC
I have added a fix for using urandom instead of mem. It's fixed in
kdebase-3.2.2-3. Thanks for your report.

