summaryrefslogtreecommitdiff
blob: 128ac8ce311b1ceb509251de5049ba8c1bb862c5 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
Remove spurious \n to fix udev rule generation

Steven Newbury <steve@snewbury.org.uk>:
libfprint generates 60-fprint-autosuspend.rules for all supported devices, 
however there's a spurious \n before the ', MODE="0666"' which results in it 
appearing on a new line after the match criteria.  At least on current 
systemd/udev this results in MODE="0666" being applied unconditionally to all 
device nodes.  This is an extremely serious security problem and effectively 
gives root access to all users simply by having the ebuild emerged.

https://bugs.gentoo.org/562218

--- a/libfprint/fprint-list-udev-rules.c
+++ b/libfprint/fprint-list-udev-rules.c
@@ -74,7 +74,7 @@
 	if (num_printed == 0)
 	    printf ("# %s\n", driver->full_name);
 
-	printf ("SUBSYSTEM==\"usb\", ATTRS{idVendor}==\"%04x\", ATTRS{idProduct}==\"%04x\", ATTRS{dev}==\"*\", TEST==\"power/control\", ATTR{power/control}=\"auto\"\n, MODE=\"0666\"\n", driver->id_table[i].vendor, driver->id_table[i].product);
+	printf ("SUBSYSTEM==\"usb\", ATTRS{idVendor}==\"%04x\", ATTRS{idProduct}==\"%04x\", ATTRS{dev}==\"*\", TEST==\"power/control\", ATTR{power/control}=\"auto\", MODE=\"0666\"\n", driver->id_table[i].vendor, driver->id_table[i].product);
 	printf ("SUBSYSTEM==\"usb\", ATTRS{idVendor}==\"%04x\", ATTRS{idProduct}==\"%04x\", ENV{LIBFPRINT_DRIVER}=\"%s\"\n", driver->id_table[i].vendor, driver->id_table[i].product, driver->full_name);
 	num_printed++;
     }