[14969] in bugtraq
Re: pam_console bug
daemon@ATHENA.MIT.EDU (Michal Zalewski)
Fri May 19 20:49:32 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.21.0005040946130.15214-100000@dione.ids.pl>
Date: Thu, 4 May 2000 09:51:54 +0200
Reply-To: Michal Zalewski <lcamtuf@DIONE.IDS.PL>
From: Michal Zalewski <lcamtuf@DIONE.IDS.PL>
X-To: Benjamin Smee <ben.smee@one.net.au>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <3910D15E.AF844055@one.net.au>
On Thu, 4 May 2000, Benjamin Smee wrote:
> As a NORMAL user this would load the keymap for ALL consoles. Initially
> I didnt think it was anything new as in the man page I found:
> [...]
Uh, problem is even worse, I decided not to post it... tty users may for
example do PIO_CMAP ioctl, rendering all consoles unusable. Many dangerous
ioctls() are available for users simply having open fd to /dev/ttyX,
fortunately you might call ioctl() only when you're logged on console,
logout causes hang up of the tty device. To do it again, you must log
locally one more time.
_______________________________________________________
Michal Zalewski [lcamtuf@tpi.pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=
