Bugtraq mailing list archives
Re: SunOS's xterm pb : again !
From: pug () arlut utexas edu (Pug)
Date: Tue, 13 Dec 1994 07:15:04 -0600 (CST)
The pb is : Under SunOS, the terminal devices (/dev/ttyp?) are owned by root, with rights rw-rw-rw-. When you log on the machine, the login process changes the owner of the terminal, so the tty belongs to you, with minimum access rights. BUT when using an xterm, you don't have the permissions to change the owner and access rights of the newly allocated tty. So the device stays owned by root, WORLD READABLE and WORLD WRITEABLE !!! I think this introduces a major security hole...yes, 666 is not the best mode for tty.. :)
I've turned this into Sun as a Security problem, as well as a bug. So far the only response I've gotten from Sun is that this problem was opened a while back, but closed as not a bug. Well, I don't see that happening this time since I have way too many SunOS 4.x machines running around. Of course it's 'fixed in the current release of the OS', unless you count SunOS 4.1.4 as current. Ciao, -- Richard Bainter Mundanely | System Analyst - OMG/CSD Pug Generally | Applied Research Labs - U.Texas pug () arlut utexas edu | pug () bga com | pug () eden com | {any user}@pug.net Note: The views may not reflect my employers, or even my own for that matter.
Current thread:
- SunOS's xterm pb : again ! Gilles SOULET (Dec 09)
- Re: SunOS's xterm pb : again ! Alexander Haiut (Dec 12)
- Re: SunOS's xterm pb : again ! Pug (Dec 13)
- Re: SunOS's xterm pb : again ! Casper Dik (Dec 13)
- Re: SunOS's xterm pb : again ! Pug (Dec 13)
- <Possible follow-ups>
- Re: SunOS's xterm pb : again ! der Mouse (Dec 13)
- Re: SunOS's xterm pb : again ! Alexander Haiut (Dec 12)