[377] in linux-security and linux-alert archive
Re: Problem with /dev/ttyp*
daemon@ATHENA.MIT.EDU (Alan Cox)
Wed Sep 20 16:17:13 1995
From: iialan@iifeak.swan.ac.uk (Alan Cox)
To: pfnguyen@netcom.com
Date: Wed, 20 Sep 1995 19:36:07 +0100 (BST)
Cc: baron@aa.net, linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.LNX.3.91.950919152556.4719A-100000@Viet.Viet.COM> from "Perry F Nguyen" at Sep 19, 95 03:29:02 pm
> > 1. Is this a known bug? If so, how to fix it.
> This is a known security problem in all Unix's.
No its a stupid bug in some programs. All modern systems should be secure
against this attack. Linux needs fixing ASAP.
> The only effective way I've found to prevent this from happening is to
> rewrite /bin/login to chmod() the tty to mode 600 before reading the
> username/password and then chowning the tty to the owner.tty and then
> mode 620.
This is unlikely to be adequate. Permissions are applied on open not
on read/write calls.
Alan
