|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Securax Advisory 13
From: Fyodor (fygrave
SCORPIONS.NET)Date: Tue Jan 02 2001 - 13:19:13 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> no source code to audit. This document is subject to change
> without
> prior notice.
>
> I. Problem Description
> -----------------------
>
> when someone telnets to a unix system, the tty that will be assigned to him
> will be writable for any user on the system. However, when he is logged in,
> his tty will not be writable for all users. So if someone would write data
> to
> a tty that is currently used by someone who's logging in, that person won't
> be able to log in.
>
Wrong, he will be. Having the tty w/w is not a good thing however, you
could throw some junk on a user's screen which could mess-up terminal
settings pretty badly.
-F
-- http://www.notlsd.net PGP fingerprint = 56DD 1511 DDDA 56D7 99C7 B288 5CE5 A713 0969 A4D1
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]