Re: Fun with devices [was: Re: /dev/tcx0 crashes SunOS 4.1.4 on

[brad.powell () WEST SUN COM (Brad Powell)]

> From yes () LUDD LUTH SE Tue Jun 24 07:49:18 1997
E>
> Subject:      Re: Fun with devices [was: Re: /dev/tcx0 crashes SunOS 4.1.4 on
>              Sparc 20's]
> X-To:         Tobias Walkowiak <walko () CADLAB TU-BERLIN DE>
> To: BUGTRAQ () NETSPACE ORG

/Stahre writes:

> Then you will have to login and leave a nice entry in the log. It is
> "better" to
>
>        rcp /etc/motd you () some host:/dev/audio
>
> Panic, dump and reboot. And noone know it was you. (Works with any file,
> if you choose an au-file it will first play the sound and then crash. Lot
> of room for creativeness here.)
>
> Works on SunOS 4.1.4, and probably other versions too. Not on Solaris 5.5
> though.
>
> A good way to be "safer" from this is to chown /dev/audio to the user
> thats logs in and chmod it to 600.


Thats what /etc/fbtab (solaris1) and /etc/logindevperm (solaris2) are for.
Use whats there :-)



> But people will still be able to crash
> their own workstations... But on the other hand they can pull the plug
> aswell, so if they really want to stop them you have to lock your
> workstations in one room and you users in another.

Yeah, I've always said; kick off all the users and I can make you a
secure system. ;^}

The weak link is security is most often the human one.
=======================================================================
Brad Powell : brad.powell () Sun COM
Sr. Network Security Consultant
Sun Microsystems Inc.
=======================================================================
               The views expressed are those of the author and may
                  not reflect the views of Sun Microsystems Inc.
=======================================================================