[2158] in linux-security and linux-alert archive
[linux-security] Re: RedHat 6.0, /dev/pts permissions bug when using
daemon@ATHENA.MIT.EDU (Torbjorn Kristoffersen)
Tue Jun 8 02:49:25 1999
Date: Mon, 7 Jun 1999 23:42:46 +0200 (CEST)
From: Torbjorn Kristoffersen <torbkris@online.no>
To: linux-security@redhat.com
In-Reply-To: <Pine.LNX.3.96.990607153153.9294D-100000@cathy.uuworld.com>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
On Mon, 7 Jun 1999 alex@yuriev.com wrote:
>
> The problem lies in the way that the permissions are set for local
> connections with the X server using xterm.
> If you do an ls -l /dev/pts/<the xterm's tty> (we will use pts/0)
> you get:
> crw--w--w- 1 ov3r ov3r 136, 0 Jun 6 12:32 /dev/pts/0
>
> Notice how now "everyone" has write access to this terminal?
> This leads to the hole that any local user can disrupt any xterminal
> connected to the local machine. Simply typing "cat /dev/urandom >

I've also got RedHat 6.0, but the `bug' never occurs. When a
local X user uses an XTerm, his terminal device's name is,
as expected, /dev/pts/<..>.
However, the permissions of the device are crw--w----. Everyone does not have
write access to the tty. So I don't think this bug can be in all RH6.0
distributions.
Cheers..
T. S. Kristoffersen <torbkris@online.no>
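
A check for the condition the two posters disagree on, as an added example that is not part of the original thread: it classifies the mode string that `ls -l` prints for a pty and scans a directory (default /dev/pts) for world-writable terminals. The function names `pty_write_exposure` and `audit_pts` are hypothetical, and the two mode strings in the final loop are the ones quoted in the messages above.

```shell
#!/bin/sh
# Added example: decide who can write to a terminal from its ls -l mode string.

# pty_write_exposure MODE -> prints "world", "group", "owner" or "invalid"
pty_write_exposure() {
    mode=$1
    case $mode in
        c?????????*) ;;                 # character device, 9 permission chars
        *) echo "invalid"; return 2 ;;  # (a trailing . or + for SELinux/ACL is allowed)
    esac
    group_w=$(printf '%s' "$mode" | cut -c6)   # group write bit
    other_w=$(printf '%s' "$mode" | cut -c9)   # other (world) write bit
    if [ "$other_w" = w ]; then
        echo "world"    # any local user can write to the terminal
    elif [ "$group_w" = w ]; then
        echo "group"    # only the owning group can write
    else
        echo "owner"
    fi
}

# audit_pts [DIR] -> lists world-writable terminals, returns 1 if any are found
audit_pts() {
    dir=${1:-/dev/pts}
    found=0
    for dev in "$dir"/*; do
        [ -c "$dev" ] || continue
        # ptmx is the pty multiplexer, not a user's terminal
        if [ "${dev##*/}" = ptmx ]; then continue; fi
        mode=$(ls -ld "$dev" | cut -d' ' -f1)
        if [ "$(pty_write_exposure "$mode")" = world ]; then
            echo "$dev $mode world-writable"
            found=1
        fi
    done
    return $found
}

# The two modes reported in the thread
for m in crw--w--w- crw--w----; do
    printf '%s -> %s\n' "$m" "$(pty_write_exposure "$m")"
done
```

Running `audit_pts` with no argument inspects the live /dev/pts; the owner of a terminal it reports can drop the world-write bit with `chmod o-w`.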