Package: udev
Version: 0.70-3
Tags: security

From /etc/udev/permissions.rules:

KERNEL=="random",       MODE="0666"
KERNEL=="urandom",      MODE="0444"

However, from drivers/char/random.c in the Linux kernel:

struct file_operations random_fops = {
        .read  = random_read,
        .write = random_write,
        .poll  = random_poll,
        .ioctl = random_ioctl,
};

struct file_operations urandom_fops = {
        .read  = urandom_read,
        .write = random_write,
        .ioctl = random_ioctl,
};

The write operations of random and urandom are the same.  In both cases,
they allow adding data to the entropy pool.  The permissions of both
devices should be 0644.  Security tag added since this could
theoretically allow any user to control the generation of random numbers
for all users.

- Josh Triplett
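
A check for the mismatch the report describes, as an added example (not part of the original message or of udev): it parses rule lines in the `KERNEL=="...", MODE="..."` form quoted above and lists entries for random and urandom whose mode differs from the 0644 the report recommends, then applies the same comparison to the live device nodes. The function names and the sample rules text are constructed for illustration, and only exact-name `KERNEL==` matches are handled.

```python
import os
import re
import stat

EXPECTED_MODE = 0o644              # the mode the report recommends
DEVICES = ("random", "urandom")

# Constructed sample: the two rules quoted in the report plus an unrelated one.
SAMPLE_RULES = '''\
# constructed sample rules file
KERNEL=="random",       MODE="0666"
KERNEL=="urandom",      MODE="0444"
KERNEL=="null",         MODE="0666"
'''

# key, operator ("==" match or "=" assignment), quoted value
PAIR = re.compile(r'(\w+)\s*(==|=)\s*"([^"]*)"')

def audit_rules(text, devices=DEVICES, expected=EXPECTED_MODE):
    """Return (line, device, mode, world_writable) for each rule that deviates."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        pairs = {(key, op): val for key, op, val in PAIR.findall(line)}
        name, mode = pairs.get(("KERNEL", "==")), pairs.get(("MODE", "="))
        if name not in devices or mode is None:
            continue
        bits = int(mode, 8)
        if bits != expected:
            findings.append((lineno, name, mode, bool(bits & stat.S_IWOTH)))
    return findings

def audit_nodes(devices=DEVICES, expected=EXPECTED_MODE, root="/dev"):
    """Return (path, octal mode) for live character devices that deviate."""
    findings = []
    for name in devices:
        path = os.path.join(root, name)
        try:
            st = os.stat(path)
        except OSError:
            continue                      # node absent or not accessible
        mode = stat.S_IMODE(st.st_mode)
        if stat.S_ISCHR(st.st_mode) and mode != expected:
            findings.append((path, format(mode, "04o")))
    return findings

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES) + audit_nodes():
        print(finding)
```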
