[10748] in bugtraq


Re: RedHat 6.0, /dev/pts permissions bug when using xterm

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@VT.EDU)
Tue Jun 8 13:13:49 1999

Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_1644654370P"; micalg=pgp-md5;
              protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Message-Id: <199906071810.d57IAq036072@black-ice.cc.vt.edu>
Date: 	Mon, 7 Jun 1999 14:10:52 -0400
Reply-To: Valdis.Kletnieks@VT.EDU
From: Valdis.Kletnieks@VT.EDU
X-To:         noc-wage <wage@IDIRECT.CA>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  Your message of "Sun, 06 Jun 1999 19:15:05 -0000." 
              <375AC8B8.EE68F0C3@idirect.ca>

--==_Exmh_1644654370P
Content-Type: text/plain; charset=us-ascii

On Sun, 06 Jun 1999 19:15:05 -0000, noc-wage <wage@IDIRECT.CA>  said:

> This isn't a particularly "deadly" DoS attack, but can be used as a
> nuisance OR perhaps even to trick the user into doing something he may
> not want to do.  (For example dumping "Login:"  then "Password:" to the
> terminal may trick the user into adding his login/password to a file or
> to his .bash_history).

It's deadly as they come.

Man. It was way back in 1983 or so when I first saw the wonders of discarding
your control terminal, opening a tty to make it your control terminal, and
then starting to abuse the TIOCSTI ioctl().  No exploit here - this is so old
that you should be able to find it ANYPLACE. ;)


--
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech



--==_Exmh_1644654370P
Content-Type: application/pgp-signature


--==_Exmh_1644654370P--
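
A defensive check for the condition this thread turns on, pty devices under /dev/pts that users other than the owner can open: this is an added example, not part of the original message or of any Red Hat tooling. The function names, the finding bits and the 0620 baseline (owner read/write, group write-only) are assumptions made for the example.

```c
#include <dirent.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Finding bits returned by pts_mode_findings() (names are hypothetical). */
#define PTS_OTHER_WRITE 0x1 /* any local user can write to the terminal */
#define PTS_OTHER_READ  0x2 /* any local user can open it for reading */
#define PTS_GROUP_READ  0x4 /* the owning group can open it for reading */

/* Assumed baseline: 0620 or stricter (owner rw, group write-only) is clean. */
int pts_mode_findings(mode_t mode)
{
    int f = 0;
    if (mode & S_IWOTH) f |= PTS_OTHER_WRITE;
    if (mode & S_IROTH) f |= PTS_OTHER_READ;
    if (mode & S_IRGRP) f |= PTS_GROUP_READ;
    return f;
}

/* Scan dir for character devices; return count flagged, or -1 on error. */
int audit_pts_dir(const char *dir)
{
    DIR *d = opendir(dir);
    struct dirent *e;
    int flagged = 0;
    if (d == NULL) return -1;
    while ((e = readdir(d)) != NULL) {
        char path[512];
        struct stat st;
        if (strcmp(e->d_name, "ptmx") == 0) /* multiplexer, not a user tty */
            continue;
        snprintf(path, sizeof path, "%s/%s", dir, e->d_name);
        if (lstat(path, &st) != 0 || !S_ISCHR(st.st_mode))
            continue;
        int f = pts_mode_findings(st.st_mode);
        if (f != 0) {
            printf("%s uid=%ld mode=%04o findings=0x%x\n", path,
                   (long)st.st_uid, (unsigned)(st.st_mode & 07777), (unsigned)f);
            flagged++;
        }
    }
    closedir(d);
    return flagged;
}

/* Exit status 1 if any terminal was flagged, 0 otherwise. */
int main(void) { return audit_pts_dir("/dev/pts") > 0; }
```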
