[374] in linux-security and linux-alert archive


Re: Problem with /dev/ttyp*

daemon@ATHENA.MIT.EDU (Perry F Nguyen)
Tue Sep 19 21:36:53 1995

Date: Tue, 19 Sep 1995 15:29:02 -0700 (PDT)
From: Perry F Nguyen <pfnguyen@netcom22.netcom.com>
Reply-To: pfnguyen@netcom.com
To: Joe Portman <baron@aa.net>
cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.LNX.3.91.950919110219.19893D-100000@red.aa.net>

On Tue, 19 Sep 1995, Joe Portman wrote:

> I just discovered a user sniffing passwords by doing the following on
> my system.
> Kernel 1.2.11

> cat /dev/ttyp? &

> It does not work every time, but occasionally it captures the login name
> and password of a careless user. It also prevents telnet logins on that
> ptyp/ttyp pair.

> 1. Is this a known bug? If so, how to fix it.

This is a known security problem in all Unixes.

> 2. If not, can you think of a workaround. I tried removing read permissions
>    from the tty[p-s] series, but they come back after a telnet session exits.

The only effective way I've found to prevent this from happening is to
rewrite /bin/login to chmod() the tty to mode 600 before reading the
username/password, and then chown the tty to owner.tty and set it to
mode 620.

I've so far seen no other possible way around this problem.  Forcing a
default permission of 660 root.tty broke many applications that
cannot/will not run setuid, i.e. splitvt, cmdtool, ytalk, etc., anything
that uses a pty.

--
pub  2047/848251A1 1995/08/01 Perry Francis Nguyen <Huy / ABV>
        Key fingerprint =  9F A5 F1 29 0B EF 3A 1A  3D D4 8C B1 36 13 71 C1
  <pfnguyen@netcom.com> -  FTP ftp://ftp.netcom.com/pub/pf/pfn
        FTP or finger pfnguyen@netcom.com for PGP Public Key.
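
The sequence described in the message above (mode 600 before reading credentials, then chown to the user with group tty and mode 620), sketched in C as an added example; it is not code from the post or from any real /bin/login. The function names are hypothetical, and the demo in main() assumes stdin is the tty and hands it to the caller's own uid/gid.

```c
/* Added illustration, not code from the original post or a real /bin/login. */
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Permission bits currently set on fd, or -1 on error. */
int tty_mode(int fd)
{
    struct stat st;
    if (fstat(fd, &st) != 0)
        return -1;
    return (int)(st.st_mode & 07777);
}

/* Step 1: before prompting, make the tty owner-only (mode 600) and confirm. */
int tty_lock_for_auth(int fd)
{
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0)
        return -1;
    return tty_mode(fd) == 0600 ? 0 : -1;
}

/* Step 2: after authentication, chown to user.tty, then set mode 620.
 * Ownership changes first so group write is never granted under the old owner. */
int tty_hand_to_user(int fd, uid_t uid, gid_t tty_gid)
{
    struct stat st;
    if (fchown(fd, uid, tty_gid) != 0)
        return -1;
    if (fchmod(fd, S_IRUSR | S_IWUSR | S_IWGRP) != 0)
        return -1;
    if (fstat(fd, &st) != 0 || st.st_uid != uid || st.st_gid != tty_gid)
        return -1;
    return (st.st_mode & 07777) == 0620 ? 0 : -1;
}

int main(void)
{
    int fd = STDIN_FILENO;
    if (!isatty(fd)) { fprintf(stderr, "stdin is not a tty\n"); return 1; }
    if (tty_lock_for_auth(fd) != 0) { perror("lock tty"); return 1; }
    /* ... a login program would read and check the username/password here ... */
    /* Assumption for the demo: hand the tty to the calling user's own ids. */
    if (tty_hand_to_user(fd, geteuid(), getegid()) != 0) { perror("hand over tty"); return 1; }
    printf("tty mode is now %o\n", (unsigned)tty_mode(fd));
    return 0;
}
```

Operating on the already-open descriptor with fchmod()/fchown() means the permissions change on the device login is actually reading from, rather than on whatever a path name resolves to at that moment.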
