[98] in linux-security and linux-alert archive
Re: tty permissions
daemon@ATHENA.MIT.EDU (Alan Cox)
Fri Mar 10 15:09:20 1995
From: iialan@iifeak.swan.ac.uk (Alan Cox)
To: linux-security@tarsier.cv.nrao.edu
Date: Fri, 10 Mar 1995 18:03:52 +0000 (GMT)
In-Reply-To: <3jnm7d$vee@dhp.com> from "Panzer Boy" at Mar 9, 95 02:51:09 pm
Reply-To: linux-security@tarsier.cv.nrao.edu
> Simple solution, put in your global login script "mesg n".
No people just stick open() in a tight loop and beat the mesg n then
hold the file descriptor. There used to be an even worse hole where
vhangup() was used wrongly and on old BSD you could beat the login
to being controlling tty then stuff characters into a users input stream.
You have to set the permissions at the beginning.
Alan
