Kaz

Can't write to /dev/console through node not in /dev

Can anyone explain this one:

Embedded Arm system, Linux 3.18.44. No SELinux or anything:

# ls -l /dev/console
crw-------    1 root     root        5,   1 Jan  6 02:40 /dev/console
# ls -l /tmp/console
crw-------    1 root     root        5,   1 Jan  6 02:39 /tmp/console
# echo foo > /dev/console
foo
# echo foo > /tmp/console
-sh: can't create /tmp/console: Permission denied
# ls -ld /tmp
drwxr-xr-x    2 root     root            80 Jan  6 02:39 /tmp
# ls -ld /dev
drwxr-xr-x   11 root     root          5480 Jan  6 02:32 /dev

Some detail from strace:

# strace sh -c 'echo foo > /tmp/console' 2>&1 | grep console
execve("/bin/sh", ["sh", "-c", "echo foo > /tmp/console"], [/* 12 vars */]) = 0
open("/tmp/console", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = -1 EACCES (Pe)

Versus:

# strace sh -c 'echo foo > /dev/console' 2>&1 | grep console
execve("/bin/sh", ["sh", "-c", "echo foo > /dev/console"], [/* 12 vars */]) = 0
open("/dev/console", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = 3
foo

It's the same device: major 5, minor 1. Why would the device care about the path name of the filesystem node that refers to it? If that's what the issue is, which is what it looks like:

# mknod -m 600 /tmp/cons c 5 1
# echo foo > /dev/cons
foo
# mknod -m 600 /tmp/cons c 5 1
# echo foo > /tmp/cons
-sh: can't create /tmp/cons: Permission denied

Some sort of "security theatre"? It works under Linux 3.14 on very similar hardware.