Bugtraq mailing list archives

Re: aterm 0.4.2 tty permission weakness

From: Coleman Kane <cokane () cokane org>
Date: Wed, 14 Jul 2004 00:10:05 -0400

I'm using aterm 0.4.2 on my gentoo 2004.1 box. It looks like this:

cokane@schizophreniac:~> ls -l /dev/pts/16 
crw--w----  1 cokane tty 136, 16 Jul 14 00:09 /dev/pts/16

That is with mesg y. And I checked, it -is- pts/16.

On Tue, 2004-07-13 at 12:04, Maarten Tielemans wrote:

Aterm has an issue with creating a terminal.

A quick ls al on a aterm with mesg y shows:
crw--w--w-  1 alsdk  users    5,   3 Jul 13 17:27 /dev/ttyp3
with mesg n:
crw-----w-  1 alsdk  users    5,   3 Jul 13 17:28 /dev/ttyp3

1) World (nobody) is able to echo or cat towards the terminal
echo hello >> /dev/ttyp3
cat mkdir >> /dev/ttyp3 
2) The group seems to be incorrect, a normal terminal has default group tty

A xterm with mesg y shows :
crw--w----   1 ttielu  tty         5,   5 Jul 13 17:27 ttyp5
and with mesg n :
crw-------   1 ttielu  tty         5,   5 Jul 13 17:27 ttyp5

Advice: use xterm

Bug found by TTIelu, reverse engineered by alsdk and TTIelu

Current thread:

aterm 0.4.2 tty permission weakness Maarten Tielemans (Jul 13)
- Re: aterm 0.4.2 tty permission weakness Armin Wolfermann (Jul 15)
- Re: aterm 0.4.2 tty permission weakness Coleman Kane (Jul 15)
- Re: aterm 0.4.2 tty permission weakness Sebastian Hans (Jul 15)
- Re: [security] aterm 0.4.2 tty permission weakness lorenzo (Jul 15)