On Dec 21, 8:52pm, Diego Zamboni wrote: > Subject: World writable devices in Irix? > > I'm just speculating here (I'm not an expert on Irix internals), but the > following default permissions in Irix 5.3 look a bit dangerous to me: > > crw-rw-rw- 1 root sys 10, 56 Sep 11 1995 /dev/gfx > crw-rw-rw- 2 root sys 0, 30 Sep 11 1995 /dev/keybd > crw-rw-rw- 2 root sys 0, 31 Sep 11 1995 /dev/mouse > > Does this mean that anybody can read/write to the graphics display, the > keyboard and the mouse? I expect it does. But note that there is also: crw-rw-rw- 1 root sys 39, 0 Mar 4 1994 /dev/audio which means that anyone can listen in to what is being said around your workstation. *ALL* such devices *SHOULD* have their ownership and permissions set to what is required by the Xstartup script (in /usr/lib/X11/xdm == /var/X11/xdm). They should also be reset to be owned by root (and not necessarily work-readable, otherwise you could snoop on the /dev/audio of a workstation which isn't being used) by the Xreset file. However, I haven't yet seen a workstation that has any device file configuring done in these two files. And it is not necessarily obvious which device files need to be changed, and what permission bits need to be set. Workstation vendors *SHOULD* add these parts themselves (they are the ones who really know which device does what). At the very least they could put them into an if clause which you have to edit to activate. But they *SHOULD* add the relevent code themselves..... I look forward to hearing whether any vendor actually does do this. I will be even more impressed if there is one which does it correctly (and adds/changes lines as new devices are added!!).