[Parted-maintainers] Bug#890587: libparted2: should not use /dev/mem
Russell Coker
russell at coker.com.au
Fri Feb 16 10:57:35 UTC 2018
Package: libparted2
Version: 3.2-20
Severity: normal
http://oss.tresys.com/pipermail/refpolicy/2018-February/010476.html
The udisks2 access to /dev/mem is discussed on the SE Linux list at the above
URL.
https://sources.debian.org/patches/parted/3.2-20/gptsync.patch/
It seems that the access is due to the above patch that was copied from an
older version of dmidecode.
http://oss.tresys.com/pipermail/refpolicy/2018-February/010486.html
According to the above message newer versions of dmidecode use
/sys/firmware/dmi/tables/DMI which seems like a better way of doing it.
Please change libparted2 to use code from a newer version of dmidecode so it
doesn't need to access /dev/mem.
Removing access to /dev/mem allows running with minimum privileges (access to
/dev/mem means ultimate access to the system) and avoids potential reliability
issues if there is an accidental read from a memory mapped device.
-- System Information:
Debian Release: buster/sid
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Enforcing - Policy name: default
Versions of packages libparted2 depends on:
ii libblkid1 2.30.2-0.3
ii libc6 2.26-6
ii libdevmapper1.02.1 2:1.02.145-4.1
ii libuuid1 2.30.2-0.3
libparted2 recommends no packages.
Versions of packages libparted2 suggests:
ii libparted-dev 3.2-20
pn libparted-i18n <none>
ii parted 3.2-20
-- no debconf information
More information about the Parted-maintainers
mailing list