[394] in linux-security and linux-alert archive
Re: Problem with /dev/ttyp*
daemon@ATHENA.MIT.EDU (Tomasz Surmacz)
Wed Sep 27 14:50:40 1995
From: Tomasz Surmacz <ts@papaja.wroc.apk.net>
To: linux-security@tarsier.cv.nrao.edu
Date: Thu, 21 Sep 1995 01:39:26 +0200 (MET DST)
Perry Francis Nguyen wrote:
> On Tue, 19 Sep 1995, Joe Portman wrote:
>
> > I just discovered a user sniffing passwords by doing the following on
> > my system.
> > Kernel 1.2.11
>
> > cat /dev/ttyp? &
[...]
> The only effective way I've found to prevent this from happening is to
> rewrite /bin/login to chmod() the tty to mode 600 before reading the
> username/password and then chowning the tty to the owner.tty and then
> mode 620.
>
> I've so far seen no other possible way around this problem. Forcing a
> default permission of 660 root.tty broke many applications that
> cannot/will not run setuid, i.e. splitvt, cmdtool, ytalk, etc. anything
> that uses a pty.

Use the ssh/sshd (secure shell) package. This replaces rshd, rlogind
and telnetd, doing its own host and user authorization. First the
hosts must identify themselves by exchanging their public keys, then
the user keys are checked, or the .shosts or .rhosts file, and if
none of these methods grants access, the user is asked for a password
LOCALLY, which then gets encrypted and sent through the network to
the server for validation. This way it is not possible to intercept
any connection by tty sniffing.

I am not sure now where the sshd package can be found (MOST probably
in ftp.funet.fi:/pub/ssh, but I am not sure and cannot check it at
the moment). It is still in development, but I have been using it
for at least 2 months and it seems good and reliable.

Tomasz
--
_________
(_ _' __) Tomasz R. Surmacz * Work:(071)202489, tsurmacz@asic.ict.pwr.wroc.pl
| (__ \ http://www.ict.pwr.wroc.pl/~tsurmacz/ Home: ts@papaja.wroc.apk.net
|__(____/ For PGP key finger tsurmacz@asic.ict.pwr.wroc.pl *----* irc: TomekS
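
The tty permission sequence described in the quoted text above (mode 600 before the prompt, then chown to owner.tty and mode 620), as an added C example that is not part of the original thread or of any real /bin/login. The function names are hypothetical, and a temporary file with the caller's own uid/gid stands in for the pty, the user and the tty group so the demo runs without root.

```c
/* Added example, not from the thread: tty mode sequence for a login program. */
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of an open descriptor, or -1 on error. */
static int perm_bits(int fd) {
    struct stat st;
    return fstat(fd, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* Nonzero if group or other can read, i.e. `cat` on the node would work. */
static int readable_by_others(mode_t mode) {
    return (mode & (S_IRGRP | S_IROTH)) != 0;
}

/* Step 1: before prompting, restrict the tty to its current owner. */
static int tty_lock(int fd) {
    return fchmod(fd, 0600);
}

/* Step 2: after authentication, chown to user.tty and set 0620:
 * group write only, so write/talk still work but nobody else can read. */
static int tty_hand_over(int fd, uid_t user, gid_t tty_gid) {
    if (fchown(fd, user, tty_gid) != 0) return -1;
    return fchmod(fd, 0620);
}

/* Runs both steps on a constructed stand-in file (assumption: not a real
 * pty). Returns 0 if each step leaves the expected mode. */
static int demo_on_tempfile(void) {
    char path[] = "/tmp/ttydemoXXXXXX";
    int fd = mkstemp(path), rc = -1;
    if (fd < 0) return -1;
    if (fchmod(fd, 0666) == 0 && perm_bits(fd) == 0666   /* loose start */
        && tty_lock(fd) == 0 && perm_bits(fd) == 0600
        && tty_hand_over(fd, geteuid(), getegid()) == 0
        && perm_bits(fd) == 0620)
        rc = 0;
    close(fd);
    unlink(path);
    return rc;
}

int main(void) {
    printf("sequence %s\n", demo_on_tempfile() == 0 ? "ok" : "failed");
    return 0;
}
```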