Open Source and information security mailing list archives
Date: Wed, 14 Jul 2004 00:10:05 -0400
From: Coleman Kane <cokane@...ane.org>
To: Maarten Tielemans <TTIelu_DaInfraCrew@...mail.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: aterm 0.4.2 tty permission weakness


I'm using aterm 0.4.2 on my Gentoo 2004.1 box. It looks like this:

cokane@...izophreniac:~> ls -l /dev/pts/16 
crw--w----  1 cokane tty 136, 16 Jul 14 00:09 /dev/pts/16

That is with mesg y. And I checked, it -is- pts/16.

On Tue, 2004-07-13 at 12:04, Maarten Tielemans wrote:
> Aterm has an issue with creating a terminal.
> 
> A quick ls -al on an aterm with mesg y shows:
> crw--w--w-  1 alsdk  users    5,   3 Jul 13 17:27 /dev/ttyp3
> with mesg n:
> crw-----w-  1 alsdk  users    5,   3 Jul 13 17:28 /dev/ttyp3
> 
> 1) World (nobody) is able to echo or cat towards the terminal
> echo hello >> /dev/ttyp3
> cat mkdir >> /dev/ttyp3 
> 2) The group seems to be incorrect, a normal terminal has default group tty
> 
> An xterm with mesg y shows:
> crw--w----   1 ttielu  tty         5,   5 Jul 13 17:27 ttyp5
> and with mesg n:
> crw-------   1 ttielu  tty         5,   5 Jul 13 17:27 ttyp5
> 
> Advice: use xterm
> 
> Bug found by TTIelu, reverse engineered by alsdk and TTIelu
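
The permission check discussed in this thread, as an added example that is not part of either poster's message: a POSIX shell audit that reads `ls -l` output and flags terminal devices that are world-writable or whose group is not tty. The function names and the EXPECTED_GROUP variable are assumptions of this example; the sample lines are the listings quoted in the thread.

```shell
#!/bin/sh
# Added example: flag terminal devices that other local users can write to.
EXPECTED_GROUP=tty   # assumption: terminals should be group "tty", as in the xterm listing

# check_tty_line LINE: classify one `ls -l` line for a character device.
# Prints "<device>: ok" or "<device>: <finding>[,<finding>]".
check_tty_line() (
    set -f              # no globbing while the line is split into fields
    set -- $1           # mode links owner group major, minor month day time name
    mode=$1 group=$4
    for dev in "$@"; do :; done      # the last field is the device name
    findings=
    # Position 9 of the mode string is the "other" write bit. The aterm
    # listing in the thread has it set under both mesg y and mesg n.
    case $mode in c???????w*) findings=world-writable ;; esac
    [ "$group" = "$EXPECTED_GROUP" ] || findings=${findings:+$findings,}group-not-$EXPECTED_GROUP
    echo "$dev: ${findings:-ok}"
)

# audit_tty_listing: read `ls -l` output on stdin, print one verdict per
# character device, return 1 if any device has a finding.
audit_tty_listing() {
    status=0
    while IFS= read -r line; do
        case $line in c*) ;; *) continue ;; esac   # skip "total N" and non-devices
        verdict=$(check_tty_line "$line")
        echo "$verdict"
        case $verdict in *": ok") ;; *) status=1 ;; esac
    done
    return $status
}

# The listings quoted in this thread, used as sample input.
thread_listings() {
    cat <<'EOF'
crw--w--w-  1 alsdk  users    5,   3 Jul 13 17:27 /dev/ttyp3
crw-----w-  1 alsdk  users    5,   3 Jul 13 17:28 /dev/ttyp3
crw--w----   1 ttielu  tty         5,   5 Jul 13 17:27 ttyp5
crw-------   1 ttielu  tty         5,   5 Jul 13 17:27 ttyp5
crw--w----  1 cokane tty 136, 16 Jul 14 00:09 /dev/pts/16
EOF
}

thread_listings | audit_tty_listing || echo "review the devices flagged above"
```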


