oss-sec mailing list archives
Re: Re: CVE-2024-28085: Escape sequence injection in util-linux wall
From: Jakub Wilk <jwilk () jwilk net>
Date: Thu, 28 Mar 2024 09:38:41 +0100
* nightmare.yeah27 () aceecat org, 2024-03-27 13:57:
/etc/default/devpts
This file is used by sysvinit when mounting /dev/pts. systemd doesn't use it. It mounts /dev/pts with mode=620 by default.
/etc/login.defs
As far as I can see, TTYPERM from login.defs is used only by login(1) and sometimes¹ by su(1). If you log in through SSH, or run xterm(1) or screen(1) or... it won't have any effect.
It's all awful and undocumented. ¹ https://github.com/util-linux/util-linux/commit/17d5b264367debb7 ("su: (pty) change owner and mode for pty") -- Jakub Wilk
Current thread:
- CVE-2024-28085: Escape sequence injection in util-linux wall Skyler Ferrante (RIT Student) (Mar 27)
- Re: CVE-2024-28085: Escape sequence injection in util-linux wall nightmare . yeah27 (Mar 27)
- Re: Re: CVE-2024-28085: Escape sequence injection in util-linux wall Jakub Wilk (Mar 28)
- Re: CVE-2024-28085: Escape sequence injection in util-linux wall Jakub Wilk (Mar 27)
- Re: CVE-2024-28085: Escape sequence injection in util-linux wall Demi Marie Obenour (Mar 27)
- Re: CVE-2024-28085: Escape sequence injection in util-linux wall Solar Designer (Mar 27)
- Re: CVE-2024-28085: Escape sequence injection in util-linux wall Karel Zak (Mar 28)
- Re: CVE-2024-28085: Escape sequence injection in util-linux wall Alexander E. Patrakov (Mar 28)
- Re: CVE-2024-28085: Escape sequence injection in util-linux wall Demi Marie Obenour (Mar 27)
- Re: CVE-2024-28085: Escape sequence injection in util-linux wall nightmare . yeah27 (Mar 27)