logoalt Hacker News

codedokodetoday at 9:01 PM3 repliesview on HN

> LPE: On distributions such as RHEL, /dev/kvm is world-writable (0666), so an unprivileged user can also use this vulnerability as a reliable LPE to gain root.

Why on Linux device files are accessible by untrusted applications?


Replies

colechristensentoday at 9:54 PM

Very many "devices" aren't at all device-like.

tryauuumtoday at 9:13 PM

Not all device files, only /dev/kvm. I assume the logic was "with /dev/kvm access the user can ...allocate memory and execute code, which they already can, so why not allow it?". Could also make rootless isolation easier

cyberaxtoday at 9:18 PM

???

That's been the case forever: /dev/null, /dev/zero, /dev/stdin, ...