OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Exploit-Dev Archives: Re: Console permissions in RH 6.X (was: R

Re: Console permissions in RH 6.X (was: Re: Window manager - impementation...)

Seth R Arnold (sarnoldWILLAMETTE.EDU)
Sat, 9 Oct 1999 13:21:41 -0700

On Sat, Oct 09, 1999 at 12:50:27PM +0300, Taneli Huuskonen wrote:
> Anyone had a look at /etc/security/console.perms on a freshly installed
> Red Hat 6.0?
>
> <sound>=/dev/dsp* /dev/audio* /dev/midi* \
> /dev/mixer* /dev/sequencer
> <cdrom>=/dev/cdrom
> [...]
> <console> 0600 <sound> 0644 root
> <console> 0600 <cdrom> 0600 root
>
> So, it's not only likely that the permissions are changed on /dev/cdrom
> rather than /dev/hdc isn't only highly likely, it's a fact. However,
> I'm more concerned about the permissions the sound devices revert to
> when you log out from console. They become world readable, meaning that
> if you have a microphone connected to your soundcard, you can be
> eavesdropped by a remote user.

I can't speak for any redhat installations, but every linux distribution I
have used in the last five or six years has had a symbolic link from
/dev/cdrom to /dev/hd? or /dev/sd? depending on whether it was a scsi device
or ide device. (Probably also for those wierd proprietary devices too..)

Symlinks have fun permissions -- rwxrwxrwx -- so, if whatever program sets
the permissions based on the /etc/security/console.perms file isn't smart
enough to follow symlinks (or, maybe, is smart enough to NOT follow
symlinks) then the line setting permissions on the CD will have no effect.
If it follows symlinks, then, of course, it will have the exact effect you
describe. 

--
Seth Arnold | http://www.willamette.edu/~sarnold/
Hate spam? See http://maps.vix.com/rbl/ for help
Hi! I'm a .signature virus! Copy me into
your ~/.signature to help me spread!

This archive was generated by hypermail 2.0b3 on Mon Oct 11 1999 - 19:57:08 CDT