Bugtraq mailing list archives
Re: aterm 0.4.2 tty permission weakness
From: Coleman Kane <cokane () cokane org>
Date: Wed, 14 Jul 2004 00:10:05 -0400
I'm using aterm 0.4.2 on my gentoo 2004.1 box. It looks like this: cokane@schizophreniac:~> ls -l /dev/pts/16 crw--w---- 1 cokane tty 136, 16 Jul 14 00:09 /dev/pts/16 That is with mesg y. And I checked, it -is- pts/16. On Tue, 2004-07-13 at 12:04, Maarten Tielemans wrote:
Aterm has an issue with creating a terminal. A quick ls al on a aterm with mesg y shows: crw--w--w- 1 alsdk users 5, 3 Jul 13 17:27 /dev/ttyp3 with mesg n: crw-----w- 1 alsdk users 5, 3 Jul 13 17:28 /dev/ttyp3 1) World (nobody) is able to echo or cat towards the terminal echo hello >> /dev/ttyp3 cat mkdir >> /dev/ttyp3 2) The group seems to be incorrect, a normal terminal has default group tty A xterm with mesg y shows : crw--w---- 1 ttielu tty 5, 5 Jul 13 17:27 ttyp5 and with mesg n : crw------- 1 ttielu tty 5, 5 Jul 13 17:27 ttyp5 Advice: use xterm Bug found by TTIelu, reverse engineered by alsdk and TTIelu
Current thread:
- aterm 0.4.2 tty permission weakness Maarten Tielemans (Jul 13)
- Re: aterm 0.4.2 tty permission weakness Armin Wolfermann (Jul 15)
- Re: aterm 0.4.2 tty permission weakness Coleman Kane (Jul 15)
- Re: aterm 0.4.2 tty permission weakness Sebastian Hans (Jul 15)
- Re: [security] aterm 0.4.2 tty permission weakness lorenzo (Jul 15)