Digital UNIX/Irix mesg problem

tomSBA.MIAMI.EDU

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Theo de Raadt: "Re: Smashing the Stack: prevention?"
• Previous message: David Sacerdote: "vulnerabilities in kerberos"
• Next in thread: John Sheehy: "Re: Digital UNIX/Irix mesg problem"

        This is rather stupid and not much of a bug, but it shouldn't
happen.  Basically, the permissions on your tty are set correctly, with
messages on, during login.  If you turn them off, and then turn them back
on, your tty becomes world writable.  (Actually, you don't have to turn
them off, mesg y automatically sets permissions that way).  I don't
remember that being that way in Digital UNIX 3, but I can't think of a box
to check it on.  I noticed that Ultrix, FreeBSD, and Solaris don't have
this problem.  I also noticed that Irix does the same thing (has the
problem).  I did call DEC, but they seemed rather confused.  I don't see
any reason for this.  Nothing to exploit, but I guess people could easily
fake a write from another user, or send annoying things anonymously
(cat /vmunix > /dev/ttyXX).

% tty
/dev/ttyp4
% ls -l /dev/ttyp4
crw--w----   2 tom      terminal   6,  4 Apr 29 14:50 /dev/ttyp4
% mesg n
% ls -l /dev/ttyp4
crw-------   2 tom      terminal   6,  4 Apr 29 14:50 /dev/ttyp4
% mesg y
% ls -l /dev/ttyp4
crw--w--w-   2 tom      terminal   6,  4 Apr 29 14:50 /dev/ttyp4

____________________________________________________________________

Tom Leffingwell                Office: Jenkins 314K
Systems Manager                Office Phone: (305) 284-1962
Network Security               Email: tomsba.miami.edu

School of Business
University of Miami
____________________________________________________________________

• Next message: Theo de Raadt: "Re: Smashing the Stack: prevention?"
• Previous message: David Sacerdote: "vulnerabilities in kerberos"
• Next in thread: John Sheehy: "Re: Digital UNIX/Irix mesg problem"