FS#5682 - [nvidia-*] wrong permission of /dev/nvidia*
Attached to Project:
Arch Linux
Opened by solsTiCe (zebul666) - Friday, 27 October 2006, 09:03 GMT
Last edited by Tobias Powalowski (tpowa) - Sunday, 24 June 2007, 09:36 GMT
Details
The permissions of the devices /dev/nvidia* are

    # ls -l /dev/nvidia*
    crw-rw-rw- 1 root root 195,   0 2006-10-27 09:50 /dev/nvidia0
    crw-rw-rw- 1 root root 195, 255 2006-10-27 09:50 /dev/nvidiactl

It should better be rw-rw-r-- and of the group video.

Something like this must be added by the nvidia.install to /etc/modprobe.conf:

    # nvidia's devices permission the right way
    options nvidia NVreg_DeviceFileUID=0
    options nvidia NVreg_DeviceFileGID=91
    options nvidia NVreg_DeviceFileMode=0660

I attached a patch for nvidia.install [extra/nvidia package], but all nvidia-* packages might need to be changed too.
Closed by Tobias Powalowski (tpowa)
Sunday, 24 June 2007, 09:36 GMT
Reason for closing: Won't implement
### xorg resets those permissions, adjust your xorg.conf!
KERNEL=="nvidia*", GROUP="video"
I suggest modifying modprobe.conf because I do not know how to achieve that in xorg.conf.
it's like you want. ;-)
so the package module-init-tools must be changed accordingly to remove /etc/modprobe.conf
In any case, we have to wait for the devs to decide.
I only came onto this bug because I was about to file the same issue and I looked first to see if it is filed already and found your bug.
A. Depending on the target system's configuration, the NVIDIA device files
used to be created in one of three different ways:
o at installation time, using mknod
o at module load time, via devfs (Linux device file system)
o at module load time, via hotplug/udev
With current NVIDIA driver releases, device files are created or modified
by the X driver when the X server is started.
By default, the NVIDIA driver will attempt to create device files with the
following attributes:
UID: 0 - 'root'
GID: 0 - 'root'
Mode: 0666 - 'rw-rw-rw-'
Existing device files are changed if their attributes don't match these
defaults. If you want the NVIDIA driver to create the device files with
different attributes, you can specify them with the "NVreg_DeviceFileUID"
(user), "NVreg_DeviceFileGID" (group) and "NVreg_DeviceFileMode" NVIDIA
Linux kernel module parameters.
For example, the NVIDIA driver can be instructed to create device files
with UID=0 (root), GID=44 (video) and Mode=0660 by passing the following
module parameters to the NVIDIA Linux kernel module:
NVreg_DeviceFileUID=0
NVreg_DeviceFileGID=44
NVreg_DeviceFileMode=0660
The "NVreg_ModifyDeviceFiles" NVIDIA kernel module parameter will disable
dynamic device file management, if set to 0.
-- end of quote
Modify your own modprobe.conf to use the options and you are fine; it's up to you how to deal with it.
Yes, I have read that, and that explains the command I recommend above. What's your point?
My point is:
it's not up to the user or the admin to do that.
It must be the driver's package at install time that must fix that security hole.
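
For admins who want to check their own systems for the condition discussed in this report, here is an added example; it is not code from the thread, the Arch package or NVIDIA. It flags nvidia* device nodes that grant access to "other" and checks whether a modprobe configuration file sets NVreg_DeviceFileMode. The function names are hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not from the bug report or the NVIDIA README. Assumes GNU stat.

# List nvidia* nodes under directory $1 that grant any permission to "other".
# Returns 0 when none do, 1 otherwise.
audit_nodes() {
    bad=0
    for node in "$1"/nvidia*; do
        [ -e "$node" ] || continue
        mode=$(stat -c '%a' "$node")
        # The last octal digit of the mode holds the bits for "other".
        if [ $((mode % 10)) -ne 0 ]; then
            echo "WORLD-ACCESSIBLE $node mode=$mode group=$(stat -c '%G' "$node")"
            bad=1
        fi
    done
    return "$bad"
}

# Print the value of NVreg option $2 from "options nvidia ..." lines in
# config file $1. Commented-out lines are ignored; the last match is printed.
nvreg_value() {
    sed -n "s/^[[:space:]]*options[[:space:]]\{1,\}nvidia[[:space:]].*$2=\([^[:space:]]*\).*/\1/p" "$1" |
        tail -n 1
}

# Return 0 only if the file sets NVreg_DeviceFileMode with no bits for "other".
# Per the README quoted in the thread, an unset mode means the default 0666.
audit_conf() {
    mode=$(nvreg_value "$1" NVreg_DeviceFileMode)
    if [ -z "$mode" ]; then
        echo "NVreg_DeviceFileMode not set in $1 (driver default is 0666)"
        return 1
    fi
    case $mode in
        *0) return 0 ;;
        *)  echo "NVreg_DeviceFileMode=$mode still grants access to other"
            return 1 ;;
    esac
}
```

After sourcing the file, `audit_nodes /dev` and `audit_conf /etc/modprobe.conf` run the two checks against the paths named in the report.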