permissions on /dev too lax in lucid

https://lists.ubuntu.com/archives/kernel-team/2010-January/008464.html

Per Greg KH, there is an additional commit to go with that one:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f776c5ec4690b21b3668ad5956774a22c86f541a

They both need to be applied for it to work correctly.

I have dropped the original patch and pulled in the pair of patches for this from the stable queue. Remains Fix Committed.

Apparently this is also needed:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=9329d1beaeed1a94f030c784dcec5ff973f402c4

This bug was fixed in the package linux - 2.6.32-12.16

---------------
linux (2.6.32-12.16) lucid; urgency=low

  [ Andy Whitcroft ]

  * Revert "SAUCE: acpi battery -- delay first lookup of the battery until
    first use"
  * SAUCE: acpi battery -- move first lookup asynchronous
    - LP: #507211
  * [Config] update configs to cleanup generic configs
  * [Config] disable CONFIG_X86_CPU_DEBUG for amd64
  * [Config] enable USER_NS
    - LP: #480739, #509808

  [ Heiko Carstens ]

  * (pre-stable) driver-core: fix devtmpfs crash on s390
    - LP: #512370

  [ John Johansen ]

  * [Config] for server and virtual flavours make CONFIG_SCSI_SYM53C8XX_2=y
    - LP: #494565
  * [Config] VIRTIO=y for server/virtual flavours
    - LP: #494565

  [ Kay Sievers ]

  * (pre-stable) Driver-Core: devtmpfs - set root directory mode to 0755
    - LP: #512370

  [ Kees Cook ]

  * SAUCE: x86: brk away from exec rand area
    - LP: #452175

  [ Leann Ogasawara ]

  * [Upstream] e1000: enhance frame fragment detection
    - CVE-2009-4536
  * [Upstream] e1000e: enhance frame fragment detection
    - CVE-2009-4538

  [ Sebastian Kapfer ]

  * (pre-stable) Input: ALPS - add interleaved protocol support (Dell E6x00
    series)
    - LP: #296610

  [ Upstream Kernel Changes ]

  * inotify: do not reuse watch descriptors
    - LP: #485556
  * inotify: only warn once for inotify problems
  * revert "drivers/video/s3c-fb.c: fix clock setting for Samsung SoC
    Framebuffer"
  * memcg: ensure list is empty at rmdir
  * drm/i915: remove loop in Ironlake interrupt handler
  * block: Fix incorrect reporting of partition alignment
  * x86, mce: Thermal monitoring depends on APIC being enabled
  * futexes: Remove rw parameter from get_futex_key()
  * page allocator: update NR_FREE_PAGES only when necessary
  * x86, apic: use physical mode for IBM summit platforms
  * edac: i5000_edac critical fix panic out of bounds
  * x86: SGI UV: Fix mapping of MMIO registers
  * mfd: WM835x GPIO direction register is not locked
  * mfd: Correct WM835x ISINK ramp time defines
  * ALSA: hda - Fix missing capture mixer for ALC861/660 codecs
  * V4L/DVB (13868): gspca - sn9c20x: Fix test of unsigned.
  * reiserfs: truncate blocks not used by a write
  * HID: add device IDs for new model of Apple Wireless Keyboard
  * PCI/cardbus: Add a fixup hook and fix powerpc
  * Input: pmouse - move Sentelic probe down the list
  * asus-laptop: add Lenovo SL hotkey support
  * sched: Fix cpu_clock() in NMIs, on !CONFIG_HAVE_UNSTABLE_SCHED_CLOCK
  * sparc64: Fix NMI programming when perf events are active.
  * sparc64: Fix Niagara2 perf event handling.
  * i2c: Do not use device name after device_unregister
  * i2c/pca: Don't use *_interruptible
  * serial/8250_pnp: add a new Fujitsu Wacom Tablet PC device
  * sched: Fix task priority bug
  * vfs: Fix vmtruncate() regression
  * Linux 2.6.32.5
  * x86, msr/cpuid: Register enough minors for the MSR and CPUID drivers
  * V4L/DVB (13900): gspca - sunplus: Fix bridge exchanges.
  * Staging: asus_oled: fix oops in 2.6.32.2
  * Staging: hv: fix smp problems in the hyperv core code
  * tty: fix race in tty_fasync
  * ecryptfs: use after free
  * ecryptfs: initi...