| From 4f9ab4957682e19bcee3806d3ed4bee7f46fab1f Mon Sep 17 00:00:00 2001 |
| From: Mattias Nissler <mnissler@chromium.org> |
| Date: Mon, 15 Jun 2020 14:53:35 +0200 |
| Subject: [PATCH] 50-udev-default.rules: Disable REMOVE_CMD support |
| |
| There is a default udev rule that executes commands from the REMOVE_CMD |
| environment variable if present. This is risky since an attacker with a root |
| file write primitive can mess with udev state in /run/udev/data to inject a |
| REMOVE_CMD. The attacker will then get command execution as root when the |
| respective device gets removed. Since Chrome OS doesn't use that rule (it |
| previously did in 2 places, but these have been changed), disable REMOVE_CMD |
| functionality. |
| |
| --- |
| rules/50-udev-default.rules | 3 ++- |
| 1 file changed, 2 insertions(+), 1 deletion(-) |
| |
| --- a/rules/50-udev-default.rules |
| +++ b/rules/50-udev-default.rules |
| @@ -1,7 +1,8 @@ |
| # do not edit this file, it will be overwritten on update |
| |
| # run a command on remove events |
| -ACTION=="remove", ENV{REMOVE_CMD}!="", RUN+="$env{REMOVE_CMD}" |
| +# Disabled on Chrome OS due to privilege escalation risk (see crbug/1072486) |
| +# ACTION=="remove", ENV{REMOVE_CMD}!="", RUN+="$env{REMOVE_CMD}" |
| ACTION=="remove", GOTO="default_end" |
| |
| SUBSYSTEM=="virtio-ports", KERNEL=="vport*", ATTR{name}=="?*", SYMLINK+="virtio-ports/$attr{name}" |
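Review bot: the rule is commented out rather than deleted, so the file now carries a dead `# ACTION=="remove", ENV{REMOVE_CMD}!="", RUN+="$env{REMOVE_CMD}"` line that a future upstream rebase may silently reactivate; consider dropping the line and keeping only the explanatory comment, and carry the bug reference from the in-file comment (`crbug/1072486`) into the commit message as well so the history records why the rule was removed. The following unchanged `ACTION=="remove", GOTO="default_end"` still short-circuits remove events, so no other rule in this file runs on remove and behaviour for the rest of the file is preserved. Since the underlying hazard is `RUN+=` expanding attacker-influenced `$env{...}` state from /run/udev/data, it is worth auditing the remaining rules in the tree for the same `RUN+="$env{...}"` pattern so this change does not leave an equivalent sink elsewhere.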
| -- |
| 2.26.2 |
| |