Bugtraq mailing list archives
Re: RH 6.1 / 6.2 minicom vulnerability
From: Sylvain Robitaille <syl () ALCOR CONCORDIA CA>
Date: Tue, 29 Aug 2000 20:57:45 -0400
Ben Lull wrote:
... Yep Slackware (7.x) too using minicom 1.82 and 1.82.1
Just for the record, I checked with Slackware-4, which also has minicom-1.82 (but I've already changed mine to be setgid "modem" so it has only permission to write to the modem device).

One thing Ben's example didn't show is confirmation that this problem follows symlinks on his system, and creates the file according to the umask, which I've found to be the case on mine:

: charlotte[syl] ~; ln -s /tmp/foo .
: charlotte[syl] ~; ( umask 2 ; minicom -C foo )
minicom: cannot open /dev/ttyS1: Permission denied
: charlotte[syl] ~; ls -l /tmp/foo
-rw-rw-r-- 1 syl modem 0 Aug 29 20:44 /tmp/foo

Lessons learned:

- don't install UUCP commands unless you actually need them (and most people really don't anymore). If you install UUCP commands, *know* what other programs will run with the same privileges.
- go through your system after installation and reduce permissions to only what's required. There's nothing on my system that would be writable to group modem, except of course the modem device.

--
----------------------------------------------------------------------
Sylvain Robitaille                          syl () alcor concordia ca
Systems analyst                                  Concordia University
Instructional & Information Technology       Montreal, Quebec, Canada
----------------------------------------------------------------------
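Added example, not part of the original post: a small POSIX shell audit for the two checks in the "Lessons learned" list, namely which programs run set-group-ID to a given group and what that group can write to besides device nodes. The function names, the `/` root and the `modem` group in the usage comment are assumptions; substitute the group your serial tools actually use.

```shell
#!/bin/sh
# Added example (not from the original post). ROOT and GROUP are supplied
# by the caller; GROUP may be a name or a numeric gid.

# Regular files under ROOT that are setgid and owned by GROUP, i.e. every
# program that runs with the same group privilege as the one being reviewed.
setgid_programs() {
    find "$1" -xdev -type f -group "$2" -perm -2000 -print 2>/dev/null | sort
}

# Files and directories under ROOT that GROUP may write to. Device nodes are
# skipped (the modem device is the one intended exception) and so are
# symlinks, whose own mode bits carry no meaning.
group_writable() {
    find "$1" -xdev -group "$2" -perm -0020 \
        ! -type c ! -type b ! -type l -print 2>/dev/null | sort
}

# Print both lists as a short report.
audit_group() {
    echo "setgid programs for group $2 under $1:"
    setgid_programs "$1" "$2" | sed 's/^/  /'
    echo "non-device paths writable by group $2 under $1:"
    group_writable "$1" "$2" | sed 's/^/  /'
}

# Usage: sh audit.sh / modem
if [ "$#" -eq 2 ]; then
    audit_group "$1" "$2"
fi
```

An empty second list matches the state the post describes; any directory that appears there is a place where a setgid program that follows symlinks could be made to create a file.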