[372] in linux-security and linux-alert archive
Problem with /dev/ttyp*
daemon@ATHENA.MIT.EDU (Joe Portman)
Tue Sep 19 15:48:52 1995
Date: Tue, 19 Sep 1995 11:05:11 -0700 (PDT)
From: Joe Portman <baron@aa.net>
To: linux-security@tarsier.cv.nrao.edu
I just discovered a user sniffing passwords by doing the following on
my system.
Kernel 1.2.11
cat /dev/ttyp? &
It does not work every time, but occasionally it captures the login name
and password of a careless user. It also prevents telnet logins on that
ptyp/ttyp pair.
1. Is this a known bug? If so, how to fix it.
2. If not, can you think of a workaround. I tried removing read permissions
from the tty[p-s] series, but they come back after a telnet session exits.
Any help is greatly appreciated.
-----------------------------------------------------------------------------
Joe Portman - Alternate Access Inc. Affordable, Reliable Internet
baron@aa.net Mercer Island: (206) 230-8732 Seattle: (206) 443-3408
Tacoma: (206) 927-6010 Federal Way: (206) 838-8457
Bellevue: (206) 455-8414
For free trial account: set modem to 8-n-1, login as "new"
For questions or support, call our voice line (206) 728-9585.
-----------------------------------------------------------------------------
