Bug#390035: [Pkg-bluetooth-maintainers] Bug#390035: bluez-utils pin file readable by all

Filippo Giunchedi filippo at debian.org
Mon Oct 9 10:51:58 UTC 2006


[CCing upstream]

On Mon, Oct 09, 2006 at 10:27:56AM +0300, Mikko Rapeli wrote:
> On Mon, Oct 09, 2006 at 12:21:22AM +0200, Moritz Muehlenhoff wrote:
> > Mikko Rapeli wrote:
> > > This small bug affects sarge too so I'm cc'ing security. Attached patches 
> > > restrict the permissions for sarge and etch/sid so that non-root users can 
> > > not read the default pin value used in Bluetooth authentication.
>                              ^^^^^
> This should have read 'file'.
> 
> > I know next to nothing about Bluetooth. What could a malicious user do
> > with this pin value and why does it need to be kept secret if it's
> > a default value (which I suppose is the same on all Debian installations?)
> 
> A default value is much worse than a pin file readable by all, but if an adm
> changed the pin and would like to keep it secret, then allowing everyone
> on the system to read the file by default is not nice. The paranoid adm
> should check the pin permissions too, but at least I failed that one for
> quite some time. Guess I'm not that paranoid after all...
> 
> If a malicious user knows the pin, he can access the Bluetooth services
> offered by the host from previously unknown Bluetooth addresses. If he also
> can fake Bluetooth addresses and the Debian host allows re-pairing as it
> does by default ('pairing multi' in /etc/bluetooth/hcid.conf), then he
> can take over existing Bluetooth connections, and even pretend to be the
> Debian box to other Bluetooth devices that trust this shared secret and
> allow new link keys to be created.
> 
> In most cases, this is just a minor bug. At least having a default pin
> and 'pairing multi' on by default are much bigger issues, but it's a
> security related deviation from upstream. I would like to see this fixed.

From what I can tell, when the user reaches the point where he cares about not
having a default pin, he can even change the permissions. My rationale is that
bluetooth is not meant to be used in a hostile environment; moreover, the
security features are rather "weak" FWIW.
I would like to hear upstream's opinion though.

filippo
--
Filippo Giunchedi - http://esaurito.net
PGP key: 0x6B79D401
random quote follows:

At the source of every error which is blamed on the computer you will
find at least two human errors, including the error of blaming it on
the computer.
Beware of bugs in the above code; I have only proved it correct, not
tried it.
-- Donald Knuth