Re: SunOS's xterm pb : again !

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: dfrussell@unixmail.rtpnc.epa.gov: "Re: this is interesting..."
• Previous message: Dave Horsfall: "Re: this is interesting..."
• In reply to: Alexander Haiut: "Re: SunOS's xterm pb : again !"
• Next in thread: Casper Dik: "Re: SunOS's xterm pb : again !"

> > The pb is : Under SunOS, the terminal devices (/dev/ttyp?) are
> > owned by root, with rights rw-rw-rw-. When you log on the machine,
> > the login process changes the owner of the terminal, so the tty
> > belongs to you, with minimum access rights. BUT when using an xterm,
> > you don't have the permissions to change the owner and access rights
> > of the newly allocated tty. So the device stays owned by root,
> > WORLD READABLE and WORLD WRITEABLE !!!
> > I think this introduces a major security hole...
> 	yes, 666 is not the best mode for tty.. :)

I've turned this into Sun as a Security problem, as well as a bug. So
far the only response I've gotten from Sun is that this problem was
opened a while back, but closed as not a bug. Well, I don't see that
happening this time since I have way too many SunOS 4.x machines running
around. Of course it's 'fixed in the current release of the OS', unless
you count SunOS 4.1.4 as current.

Ciao,

-- 
Richard Bainter          Mundanely     |    System Analyst        - OMG/CSD
Pug                      Generally     |    Applied Research Labs - U.Texas
 pug@arlut.utexas.edu  |  pug@bga.com  |  pug@eden.com  |  {any user}@pug.net
Note: The views may not reflect my employers, or even my own for that matter.

• Next message: dfrussell@unixmail.rtpnc.epa.gov: "Re: this is interesting..."
• Previous message: Dave Horsfall: "Re: this is interesting..."
• In reply to: Alexander Haiut: "Re: SunOS's xterm pb : again !"
• Next in thread: Casper Dik: "Re: SunOS's xterm pb : again !"