Bugtraq mailing list archives

Re: RH 6.1 / 6.2 minicom vulnerability


From: Roman Drahtmueller <draht () SUSE DE>
Date: Tue, 22 Aug 2000 23:32:56 +0200

On Tue, 22 Aug 2000, Moritz Hardt wrote:

From: Moritz Hardt <root () MORIX DE>

Don't mail as root!

To: BUGTRAQ () SECURITYFOCUS COM
Date: Tue, 22 Aug 2000 00:24:20 +0200
Subject: Re: RH 6.1 / 6.2 minicom vulnerability
[snip]
suse6.4, and probably prior versions too, seem to be vulnerable as well.


This is not correct.

We have shipped version 1.81.1 since July 27 1998 (that's back to the good old
SuSE-5.3 times) until now with SuSE-7.0.

minicom is installed root.uucp 0755 in all versions.

`chmod 2755 /usr/bin/minicom' and `minicom -C foo' afterwards does not
exhibit any problem because no file is created.

For a user of a SuSE system to be able to use minicom (restricted by
device permissions), she must be added to group uucp.

From the /etc/minicom.users:

#
# Remember: in S.u.S.E. Linux 5.3 and above modem users have to be in
# group uucp - the "ALL" here only lets minicom try to access modem device.
# If you are not in group uucp, it will fail with the following message:
#
#  "minicom: cannot open /dev/modem: Permission denied"
#



[cut, only facts preserved]
@(#)Minicom V1.83.0 (compiled Mar  7 2000)(c) Miquel van Smoorenburg
[lcamtuf@nimue lcamtuf]$ minicom -C foo
[lcamtuf@nimue lcamtuf]$ ls -l foo
-rw-rw-r--   1 lcamtuf  uucp            0 Aug 18 12:21 foo
[/cut]

Thanks,
Roman.
--
 -                                                                      -
| Roman Drahtmüller      <draht () suse de> //          "Caution: Cape does |
  SuSE GmbH - Security           Phone: //       not enable user to fly."
| Nürnberg, Germany     +49-911-740530 // (Batman Costume warning label) |
 -                                                                      -
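
The two checks this message turns on are whether the binary's mode carries a set-ID bit (0755 versus 2755) and whether a capture file ends up with a group its creator does not belong to. The following is an added example, not part of the original message. The function names and the group list `lcamtuf users` are assumptions made for illustration; the `ls -l` line is the one quoted in the thread.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from minicom or SuSE.

# The listing quoted in the thread (copied from the message above).
SAMPLE='-rw-rw-r--   1 lcamtuf  uucp            0 Aug 18 12:21 foo'

# special_bits MODE: report setuid/setgid bits in an octal mode string,
# e.g. the output of `stat -c %a /usr/bin/minicom` (755, 2755, ...).
special_bits() {
    mode=$1
    case $mode in
        [0-7][0-7][0-7]) mode="0$mode" ;;       # 755 means 0755
        [0-7][0-7][0-7][0-7]) ;;
        *) echo invalid; return 1 ;;
    esac
    lead=${mode%???}                             # leading (special) digit
    out=
    if [ $(( $lead & 4 )) -ne 0 ]; then out=setuid; fi
    if [ $(( $lead & 2 )) -ne 0 ]; then out=${out:+$out,}setgid; fi
    printf '%s\n' "${out:-none}"
}

# file_group LS_LINE: print the group column of one `ls -l` line.
file_group() {
    read -r _perms _links _owner group _rest <<EOF
$1
EOF
    printf '%s\n' "$group"
}

# foreign_group LS_LINE "GROUPS": print the file's group and return 0 when it
# is not among the creating user's groups (GROUPS is space-separated, as
# printed by `id -Gn`). Such a file was created under an effective group the
# user does not hold; a setgid parent directory has the same effect, so
# check the directory before blaming the binary.
foreign_group() {
    fgroup=$(file_group "$1")
    for g in $2; do
        if [ "$g" = "$fgroup" ]; then return 1; fi
    done
    printf '%s\n' "$fgroup"
}

# Demo: the two modes discussed above, and the quoted listing checked against
# a constructed group list for its owner.
echo "mode 0755: $(special_bits 0755)"
echo "mode 2755: $(special_bits 2755)"
echo "foreign group: $(foreign_group "$SAMPLE" 'lcamtuf users')"
```

On a live system the inputs would come from `stat -c %a` on the binary, `ls -l` on the capture file and `id -Gn` for the user.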

