1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
Remove spurious \n to fix udev rule generation
Steven Newbury <steve@snewbury.org.uk>:
libfprint generates 60-fprint-autosuspend.rules for all supported devices,
however there's a spurious \n before the ', MODE="0666"' which results in it
appearing on a new line after the match criteria. At least on current
systemd/udev this results in MODE="0666" being applied unconditionally to all
device nodes. This is an extremely serious security problem and effectively
gives root access to all users simply by having the ebuild emerged.
https://bugs.gentoo.org/562218
--- a/libfprint/fprint-list-udev-rules.c
+++ b/libfprint/fprint-list-udev-rules.c
@@ -74,7 +74,7 @@
if (num_printed == 0)
printf ("# %s\n", driver->full_name);
- printf ("SUBSYSTEM==\"usb\", ATTRS{idVendor}==\"%04x\", ATTRS{idProduct}==\"%04x\", ATTRS{dev}==\"*\", TEST==\"power/control\", ATTR{power/control}=\"auto\"\n, MODE=\"0666\"\n", driver->id_table[i].vendor, driver->id_table[i].product);
+ printf ("SUBSYSTEM==\"usb\", ATTRS{idVendor}==\"%04x\", ATTRS{idProduct}==\"%04x\", ATTRS{dev}==\"*\", TEST==\"power/control\", ATTR{power/control}=\"auto\", MODE=\"0666\"\n", driver->id_table[i].vendor, driver->id_table[i].product);
printf ("SUBSYSTEM==\"usb\", ATTRS{idVendor}==\"%04x\", ATTRS{idProduct}==\"%04x\", ENV{LIBFPRINT_DRIVER}=\"%s\"\n", driver->id_table[i].vendor, driver->id_table[i].product, driver->full_name);
num_printed++;
}
|