root user has access to all of /dev/mem

Bug #146508 reported by Bryan Irvine
Affects: linux (Ubuntu)
Status: Fix Released
Importance: Wishlist
Assigned to: Kees Cook
Milestone: (none listed)

Bug Description

Easy to reproduce. The easiest way is to log in on the command line and sudo to root, then run 'strings /dev/mem' (I output to less and then search for my password).

Keep searching, you will eventually find:

<your username>
<your user pass>
sudo su -
<your user pass again>

I've tried on other Linuxes and BSDs, but Ubuntu is the only one that allows me to run strings on /dev/mem.

I've also seen the password in association with the 'gksudo' command on Ubuntu.

Kees Cook (kees) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. There are some distros that ship patches to the /dev/mem handler, but these changes are not supported by the upstream kernel, and Ubuntu has not had the resources to maintain a patch delta. Root users have the capacity to examine per-process memory as well, so fixing /dev/mem would still not change this. The primary reason to stop /dev/mem access is to avoid things like root-kit installation.

I'm unmarking this as private, as it is already a known public issue with the Linux kernel's /dev/mem interface.

Please feel free to report any other bugs you may find.

Andy Whitcroft (apw) wrote :

This is not a bug in the linux-meta package, moving to the linux package.

affects: linux-meta (Ubuntu) → linux (Ubuntu)

Kees Cook (kees) wrote :

This bug has been fixed since Hardy.

Changed in linux (Ubuntu):
assignee: nobody → Kees Cook (kees)
status: Confirmed → Fix Released
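
A check an administrator can run against a kernel build config to see whether /dev/mem is still open in the way this report describes. This is an added example, not part of the bug report or of Ubuntu's fix; it assumes the mainline option names CONFIG_DEVMEM, CONFIG_STRICT_DEVMEM and CONFIG_IO_STRICT_DEVMEM, which the report does not mention, and older or distro-patched kernels may use other names.

```shell
#!/bin/sh
# Added example (not from the bug report): classify how far root can reach
# through /dev/mem, given a kernel build config on stdin.
# Assumption: mainline option names CONFIG_DEVMEM, CONFIG_STRICT_DEVMEM and
# CONFIG_IO_STRICT_DEVMEM. A kernel restricted by a distro-specific patch
# under another option name would be reported as "unrestricted" here.

devmem_policy() {
    cfg=$(cat)                                  # whole config from stdin
    [ -n "$cfg" ] || { echo unknown; return 0; }

    # Helpers: exact-match "=y" and "is not set" lines for one option.
    is_y()   { printf '%s\n' "$cfg" | grep -q "^CONFIG_$1=y\$"; }
    is_off() { printf '%s\n' "$cfg" | grep -q "^# CONFIG_$1 is not set\$"; }

    if is_off DEVMEM; then
        echo absent        # the /dev/mem device is not built at all
    elif is_y STRICT_DEVMEM && is_y IO_STRICT_DEVMEM; then
        echo io-strict     # no general RAM, no driver-claimed I/O ranges
    elif is_y STRICT_DEVMEM; then
        echo strict        # limited to device/BIOS regions, not general RAM
    else
        echo unrestricted  # the behaviour described in this report
    fi
}

# Constructed sample configs (not taken from any real system).
SAMPLE_OPEN='CONFIG_DEVMEM=y
# CONFIG_STRICT_DEVMEM is not set'
SAMPLE_STRICT='CONFIG_DEVMEM=y
CONFIG_STRICT_DEVMEM=y
# CONFIG_IO_STRICT_DEVMEM is not set'

printf '%s\n' "$SAMPLE_OPEN"   | devmem_policy
printf '%s\n' "$SAMPLE_STRICT" | devmem_policy

# On a live system:
#   devmem_policy < "/boot/config-$(uname -r)"
#   zcat /proc/config.gz | devmem_policy      # if the kernel exposes it
```

As the comment above notes, root can still examine per-process memory, so a "strict" result narrows /dev/mem only.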
This report contains Public Security information  
Everyone can see this security related information.
