[2159] in linux-security and linux-alert archive

[linux-security] Re: RedHat 6.0, /dev/pts permissions bug when

daemon@ATHENA.MIT.EDU (Kevin Kane)
Tue Jun 8 04:18:20 1999

Date: Tue, 8 Jun 1999 02:52:10 -0400 (EDT)
From: Kevin Kane <frnkzk@Glue.umd.edu>
To: Torbjorn Kristoffersen <torbkris@online.no>
cc: linux-security@redhat.com
In-Reply-To: <Pine.LNX.4.10.9906072334250.1180-100000@hal.europa.no>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

On Mon, 7 Jun 1999, Torbjorn Kristoffersen wrote:

| On Mon, 7 Jun 1999 alex@yuriev.com wrote:
| 
| > 
| > The problem lies in the way that the permissions are set for local
| > connections with the X server using xterm.
| > if you do an ls -l /dev/pts/<the xterm's tty> (we will use pts/0)
| > You get:
| > crw--w--w-   1 ov3r     ov3r     136,   0 Jun  6 12:32 /dev/pts/0
| > 
| > Notice how now "everyone" has write access to this terminal?
| > This leads to the hole that any local user can disrupt any xterminal
| > connected to the local machine.  Simply typing "cat /dev/urandom >
| 
| I've also got RedHat 6.0, but the `bug' never occurs. When a
| local X user uses an XTerm, his terminal device's name is
| as expected /dev/pts/<..>.
| However, the permissions of the device are crw--w----. Everyone hasn't
| write access to the tty. So I don't think this bug can be in all RH6.0
| distributions.

When I upgraded to 6.0, it changed my fstab to add the line for /dev/pts
with the parameter 'mode=0622', and this seemed to be the root of the
problem.  I changed it to 'mode=0620', and also added a 'gid=5' (the GID
of the tty group), and it behaves how I want it, with tty group write.
(Without the gid, on my system, it ended up being the users group, which
might as well be world-write)

                      Kevin Kane <frnkzk@Glue.umd.edu>

[mod: Ok, that's it for this problem guys, we now know the problem and 
the fix. -- REW]

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null
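
The fstab check described in the message above, as an added example that is not part of the original thread: a POSIX shell audit that flags devpts entries whose mode= grants world write, or grants group write with no gid= option. The function names and the sample fstab are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the devpts options in fstab-format text.

# Print a verdict for one devpts option string (fstab field 4).
# Runs in a subshell so the IFS and noglob changes stay local.
devpts_verdict() (
    set -f; IFS=,
    mode="" gid=""
    for opt in $1; do
        case $opt in
            mode=*) mode=${opt#mode=} ;;
            gid=*)  gid=${opt#gid=} ;;
        esac
    done
    case $mode in
        ""|*[!0-7]*) echo "unknown-mode" ;;   # absent or not octal: not assessed
        *)  if [ $((0$mode & 002)) -ne 0 ]; then
                echo "world-writable"          # e.g. mode=0622 from the thread
            elif [ $((0$mode & 020)) -ne 0 ] && [ -z "$gid" ]; then
                echo "group-write-no-gid"      # group write, but group not pinned
            else
                echo "ok"                      # e.g. mode=0620,gid=5
            fi ;;
    esac
)

# Read fstab-format text on stdin; print "<mountpoint> <verdict>"
# for every line whose filesystem type is devpts.
audit_fstab() {
    while read -r dev mnt fstype opts _rest; do
        case $dev in ""|\#*) continue ;; esac
        [ "$fstype" = devpts ] || continue
        echo "$mnt $(devpts_verdict "$opts")"
    done
}

# Constructed sample input, not taken from a real system.
sample_fstab() {
    cat <<'EOF'
# constructed sample fstab
/dev/hda1  /         ext2    defaults   1 1
none       /proc     proc    defaults   0 0
none       /dev/pts  devpts  mode=0622  0 0
EOF
}

sample_fstab | audit_fstab
```

To audit a real system, run `audit_fstab < /etc/fstab`; the check reads only the configured options, so compare against `ls -l /dev/pts/` for the permissions actually in effect.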
