BSD tty security, part 4: What You Can Look Forward To
Karl Denninger
kdenning at pcserver2.naitc.com
Tue Apr 30 08:21:39 AEST 1991
In article <13218 at goofy.Apple.COM> erc at Apple.COM (Ed Carp) writes:
>In article <3600:Apr2614:04:4391 at kramden.acf.nyu.edu> brnstnd at kramden.acf.nyu.edu (Dan Bernstein) writes:
>
>>6. I will give further details on the security holes to anyone who
>>convinces me that he has a legitimate interest. That means I want a
>>verifiable chain of people and phone numbers from the contact for a
>>major network down to whoever wants the information, plus a better
>
>Um, what IS this bullshit? Who the hell are you to set yourself up as some sort
>of net.god and tell us that you will "bless" us with all your neat little hacks
>and info only if we satisfy your little set of rules?
(lots more flamage deleted)
I have to agree.
I am in charge of Internet and external security here. There is another
group which is in charge of internal security.
Both of us, I'm sure, would like to have some FACTS on this stuff. TIOCSTI
is well known as a problem, but I thought that was supposed to be restricted
to use by root (unless it's your control terminal....).
I think I just heard you say that was all malarkey, that anyone could
TIOCSTI my root session while logged in over a pty, and that you could
exploit those items to gain control of my session.
>From the manual pages, I believe it shouldn't work.
If this is not true, I would like details. Not just "fixes", or
pontificating, but details. I can patch around lots of things, and replace
system code if necessary. Without some DETAILS it's difficult at best.
--
Karl Denninger - AC Nielsen, Bannockburn IL (708) 317-3285
kdenning at nis.naitc.com
"The most dangerous command on any computer is the carriage return."
Disclaimer: The opinions here are solely mine and may or may not reflect
those of the company.
More information about the Comp.unix.wizards
mailing list