From 4f9ab4957682e19bcee3806d3ed4bee7f46fab1f Mon Sep 17 00:00:00 2001
From: Mattias Nissler <>
Date: Mon, 15 Jun 2020 14:53:35 +0200
Subject: [PATCH] 50-udev-default.rules: Disable REMOVE_CMD support
There is a default udev rule that executes commands from the REMOVE_CMD
environment variable if present. This is risky since an attacker with a root
file write primitive can mess with udev state in /run/udev/data to inject a
REMOVE_CMD. The attacker will then get command execution as root when the
respective device gets removed. Chrome OS doesn't use that rule (it previously
did in 2 places, but these have been changed), disable REMOVE_CMD
rules/50-udev-default.rules | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/rules/50-udev-default.rules
+++ b/rules/50-udev-default.rules
@@ -1,7 +1,8 @@
# do not edit this file, it will be overwritten on update
# run a command on remove events
-ACTION=="remove", ENV{REMOVE_CMD}!="", RUN+="$env{REMOVE_CMD}"
+# Disabled on Chrome OS due to privilege escalation risk (see crbug/1072486)
+# ACTION=="remove", ENV{REMOVE_CMD}!="", RUN+="$env{REMOVE_CMD}"
ACTION=="remove", GOTO="default_end"
SUBSYSTEM=="virtio-ports", KERNEL=="vport*", ATTR{name}=="?*", SYMLINK+="virtio-ports/$attr{name}"
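Review bot: The RUN+="$env{REMOVE_CMD}" rule is only commented out, and the comment above it on the unchanged line "# run a command on remove events" now describes a rule that no longer exists; either delete both the old comment and the commented-out rule, keeping only the "Disabled on Chrome OS" note with the crbug reference, or fold the two comments into one so a later reader does not mistake the leftover line for an active rule. Dropping the rule text entirely also removes the temptation to uncomment it during a future upstream sync without revisiting the risk the commit message describes. The following unchanged line, ACTION=="remove", GOTO="default_end", still short-circuits remove events, so nothing else in this file should depend on the disabled rule.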