Bugtraq mailing list archives
Digital UNIX/Irix mesg problem
From: tom () SBA MIAMI EDU (Tom Leffingwell)
Date: Tue, 29 Apr 1997 15:06:50 -0400
This is rather stupid and not much of a bug, but it shouldn't happen. Basically, the permissions on your tty are set correctly, with messages on, during login. If you turn them off, and then turn them back on, your tty becomes world writable. (Actually, you don't have to turn them off, mesg y automatically sets permissions that way). I don't remember that being that way in Digital UNIX 3, but I can't think of a box to check it on. I noticed that Ultrix, FreeBSD, and Solaris don't have this problem. I also noticed that Irix does the same thing (has the problem). I did call DEC, but they seemed rather confused. I don't see any reason for this. Nothing to exploit, but I guess people could easily fake a write from another user, or send annoying things anonymously (cat /vmunix > /dev/ttyXX). % tty /dev/ttyp4 % ls -l /dev/ttyp4 crw--w---- 2 tom terminal 6, 4 Apr 29 14:50 /dev/ttyp4 % mesg n % ls -l /dev/ttyp4 crw------- 2 tom terminal 6, 4 Apr 29 14:50 /dev/ttyp4 % mesg y % ls -l /dev/ttyp4 crw--w--w- 2 tom terminal 6, 4 Apr 29 14:50 /dev/ttyp4 ____________________________________________________________________ Tom Leffingwell Office: Jenkins 314K Systems Manager Office Phone: (305) 284-1962 Network Security Email: tom () sba miami edu School of Business University of Miami ____________________________________________________________________
Current thread:
- Smashing the Stack: prevention? nate (Apr 27)
- Re: Smashing the Stack: prevention? Thomas H. Ptacek (Apr 27)
- Re: Smashing the Stack: prevention? Russell Coker (Apr 28)
- Possibly exploitable buffer overflow in Solaris 2.5.1 ps Joe Zbiciak (Apr 28)
- Re: Possibly exploitable buffer overflow in Solaris 2.5.1 ps Geoffrey KEATING (Apr 29)
- Digital UNIX/Irix mesg problem Tom Leffingwell (Apr 29)
- Re: Digital UNIX/Irix mesg problem John Sheehy (Apr 29)
- Access control on W3C httpd server Peter Lord (Apr 30)
- vulnerabilities in kerberos David Sacerdote (Apr 29)
- Sun Security Bulletin #00139 Sun Security Coordination Team (Apr 29)
- SMASHING THE STACK: PREVENTION? massimo at vnet.ibm.com (Apr 28)
- Re: SMASHING THE STACK: PREVENTION? Alex Belits (Apr 28)
- Re: SMASHING THE STACK: PREVENTION? Thomas H. Ptacek (Apr 29)
- Re: Smashing the Stack: prevention? Thomas H. Ptacek (Apr 27)
- Re: Smashing the Stack: prevention? Tim Newsham (Apr 27)
- Re: Smashing the Stack: prevention? Joe Zbiciak (Apr 28)
- Re: Smashing the Stack: prevention? Daniel Ryde (Apr 28)