Vulnerability Development mailing list archives

Console permissions in RH 6.X (was: Re: Window manager - implementation...)


From: huuskone () CC HELSINKI FI (Taneli Huuskonen)
Date: Sat, 9 Oct 1999 12:50:27 +0300


Jim Paris wrote:

not the CD-ROM.  Valid point, but have you ever considered the (highly
likely) possibility that the permissions were actually set on
/dev/cdrom, which would happen to be symlinked to whatever device is
your actual CD-ROM?  The fact that the permissions were changed on
/dev/hdc on one machine doesn't mean that /dev/hdc would get touched on
others..

Anyone had a look at /etc/security/console.perms on a freshly installed
Red Hat 6.0?

        <sound>=/dev/dsp* /dev/audio* /dev/midi* \
                /dev/mixer* /dev/sequencer
        <cdrom>=/dev/cdrom
        [...]
        <console> 0600 <sound>     0644 root
        <console> 0600 <cdrom>     0600 root

So, that the permissions are changed on /dev/cdrom rather than /dev/hdc
isn't only highly likely, it's a fact.  However,
I'm more concerned about the permissions the sound devices revert to
when you log out from console.  They become world readable, meaning that
if you have a microphone connected to your soundcard, you can be
eavesdropped by a remote user.

Taneli Huuskonen

--
I don't   | All messages will be PGP signed,  | Fight for your right to
speak for | encrypted mail preferred.  Keys:  | use sealed envelopes.
the Uni.  | http://www.helsinki.fi/~huuskone/ | http://www.gilc.org/
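
An added example, not part of the original message: a Python audit of the console.perms layout quoted above that lists every device pattern whose revert mode leaves any access for "other". The field order (login mode, device class, revert mode, revert owner) is assumed from the quoted fragment, and the sample input is constructed from it.

```python
import re

# Constructed sample, assembled from the fragment quoted in the message.
SAMPLE = r"""
<sound>=/dev/dsp* /dev/audio* /dev/midi* \
        /dev/mixer* /dev/sequencer
<cdrom>=/dev/cdrom
<console> 0600 <sound>     0644 root
<console> 0600 <cdrom>     0600 root
"""

CLASS_RE = re.compile(r"^<(\w+)>=(.*)$")
PERM_RE = re.compile(r"^<\w+>\s+[0-7]{3,4}\s+(\S+)\s+([0-7]{3,4})\s+(\S+)$")


def logical_lines(text):
    """Drop comments and blanks, join backslash-continued lines."""
    pending = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        line, pending = (pending + line).strip(), ""
        if line:
            yield line


def audit(text):
    """Return (device, revert_mode, owner) where the revert mode gives 'other' any access."""
    lines = list(logical_lines(text))
    # First pass: class definitions, so order in the file does not matter.
    classes = {m.group(1): m.group(2).split()
               for m in map(CLASS_RE.match, lines) if m}
    findings = []
    for m in filter(None, map(PERM_RE.match, lines)):
        target, revert, owner = m.groups()
        if int(revert, 8) & 0o007:
            # Expand <class> to its device patterns; bare paths pass through.
            devices = classes.get(target[1:-1], [target]) if target.startswith("<") else [target]
            findings.extend((dev, revert, owner) for dev in devices)
    return findings


if __name__ == "__main__":
    for dev, mode, owner in audit(SAMPLE):
        print(f"{dev}: reverts to {mode} {owner} after logout")
```
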


