Peter Wemm writes:
> Hmm. Something else I thought of too.  Imagine: root is logged in on
> /dev/pts/34, and has the tty set to mode 0622.  Guess what this would
> do if you were a normal user:  /usr/lib/pt_chmod 1 > /dev/pts/34
> You could then TIOCSTI to your heart's content.

As has been pointed out to me, this does not work.. (Hi Bela!)
/usr/lib/pt_chmod works on an unnamed clone of /dev/ptmx.  It won't chown
anything unless you've passed a /dev/ptmx descriptor in.

> If you have a SYSV derived system, you might like to replace
> /usr/lib/pt_chmod with something like the code below.  No promises
> that it even works, but at least it should prevent some of the abuse
> above.  Read through it and once you are happy that it won't screw up
> any more than the standard pt_chmod, make it mode 4111.

And here's a fixed version... It doesn't go overboard on unnecessary
fascism that it gets wrong.

This is called by the grantpt(fd) library call on a descriptor that is
opened from /dev/ptmx.

This should run on just about anything with /dev/ptmx.

--------------------
/*
  Copyright (C) 1994, Peter Wemm.  All rights reserved.

  Standard disclaimer:
   If this doesn't work: tough.  If you lose millions because this messes
   up, it's you that's out the millions, not me.  If you don't like this
   disclaimer: tough.  I reserve the right to do the absolute minimum
   provided by law, up to and including nothing.
   This is basically the same disclaimer that comes with all software
   packages, but this is in plain English and theirs is in legalese.
   I didn't want to include any disclaimer at all, but the lawyers insist.
   [inspired by Haventrees Software's EasyFlow disclaimer, as posted on usenet]
 */

#include <sys/types.h>
#include <sys/stat.h>   /* chmod() */
#include <stdio.h>
#include <stdlib.h>     /* exit(), atoi(), ptsname() */
#include <grp.h>
#include <unistd.h>

int main(int ac, char **av)
{
    int fd;
    int gid = getgid();   /* real gid of the caller (default group owner) */
    int uid = getuid();   /* real uid of the caller (becomes the owner) */
    int mode = 0600;      /* owner-only unless a protected group exists */
    char *name;
    struct group *gr;

    if (ac != 2)
        exit(255);        /* not enough args */

    /* look for a secure tty group, and alter the permissions if found */
    if ((gr = getgrnam("tty")) != NULL) {
        gid = gr->gr_gid; /* found protected group 'tty' */
        mode = 0620;
    } else if ((gr = getgrnam("terminal")) != NULL) {
        gid = gr->gr_gid; /* found protected group 'terminal' */
        mode = 0620;
    }

    /* the argument is a descriptor number; it must be a /dev/ptmx master */
    fd = atoi(av[1]);

    /* ptsname() only returns a slave name for a pty master descriptor */
    name = ptsname(fd);
    if (name == NULL)
        exit(255);        /* not a pty */

    if (chmod(name, mode) < 0)
        exit(255);        /* couldn't chmod */

    if (chown(name, uid, gid) < 0)
        exit(255);        /* couldn't chown */

    exit(0);
}
--------------------

-Peter