[185] in linux-security and linux-alert archive
Slackware
daemon@ATHENA.MIT.EDU (Elias Levy)
Fri Mar 24 06:52:24 1995
Date: Thu, 23 Mar 1995 23:39:46 -0800 (PST)
From: Elias Levy <elias@power.net>
To: linux-security@tarsier.cv.nrao.edu
These are a few things I found on a fairly clean Slackware machine that
bother me:
* dip <filename>
This will display any file you give it.
* Under /dev:
/dev/cua* has the right permissions but /dev/ttyS* does not.
All the audio devices are mode 666. This means if you have a microphone
people can hear the audio.
* minicom.users file in the minicom lib directory comes with gonzo,
satan and snake as examples/default. If you ever create such a user
they can use minicom. (Not that it matters if you have a compiler and
/dev/ttyS* mode 666)
* VGA/X programs: the X servers, SuperProbe, vgaset, /usr/lib/svga/*
/usr/bin/dumpreg, /usr/bin/fix132x43
These programs are all setuid and can mess your screen. You can do this
to fix it:
create group x
then chmod root.x the offending programs, and chmod 4110 them.
Ahh yes, remember to add whomever you want to let use X to group x.
* pppd & dip: Haven't checked yet but I believe anyone can start
a dip or pppd connection this way. You can even give pppd a tty and
screw people. But I need to check (sorry if I am crying wolf)
elias@power.net (Elias Levy)
PowerNet, Inc.
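
An audit for the device-node and setuid conditions listed in the message above, as an added example that is not part of the original post. The audio node names (audio*, dsp*, mixer*) and the function names are assumptions; /dev/ttyS*, /dev/cua*, /usr/bin and /usr/lib/svga come from the message.

```shell
#!/bin/sh
# Added example (not from the original post): audit for the permission
# problems the message lists. Audio node names below are assumed.

# loose_nodes DIR PATTERN...
# Print entries in DIR matching a name pattern that "other" can read or
# write (mode 666 is reported; 660 or 600 is not).
loose_nodes() {
    dir=$1; shift
    for pat in "$@"; do
        find "$dir" -maxdepth 1 -name "$pat" ! -type d ! -type l \
            \( -perm -004 -o -perm -002 \) -print 2>/dev/null
    done | sort -u
}

# open_setuid PATH...
# Print setuid files that any user may execute (e.g. 4755 or 4711).
# A file restricted the way the post suggests (group x, mode 4110)
# has no "other" execute bit and is not reported.
open_setuid() {
    find "$@" -type f -perm -4001 -print 2>/dev/null | sort -u
}

# Run against the locations named in the post:  sh audit.sh audit
# Add the directory holding your X servers to the second call.
if [ "${1:-}" = "audit" ]; then
    echo "== device nodes accessible to everyone =="
    loose_nodes /dev 'ttyS*' 'cua*' 'audio*' 'dsp*' 'mixer*'
    echo "== setuid programs executable by everyone =="
    open_setuid /usr/bin /usr/lib/svga
fi
```

An empty second list after applying the group x / mode 4110 change means the listed programs can no longer be run by users outside that group.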