BSD tty security, part 3: How to Fix It

Perry E. Metzger metzger at watson.ibm.com
Tue Apr 30 04:43:51 AEST 1991


In article <564 at appserv.Eng.Sun.COM> lm at slovax.Eng.Sun.COM (Larry McVoy) writes:
>Is all this fuss really worth it?  I hate to appear cavalier and I
>don't speak for Sun, just as a user, but does anyone really care?  OK,
>anyone except the Feds?  Yeah, the system is insecure.  In many
>places.  It seems to me that worrying about anti-social behavior
>through tty's is the least of our problems.

I care. I care a lot.

>I would much rather see all this energy going into making the system
>secure enough that ``bad'' people can't login, rather than worrying
>about the annoying write messages from people who have been given an
>account.  Seems to me that you are in much worse trouble if you let an
>outsider into your network/machine.  As long as we manage to prevent
>that from happening, I think most admins can deal with people
>misbehaving.

But outsiders DO get in. People give other people their passwords, or
they are stupid about picking them, or they do other idiotic things.
System administrators get lazy.

Most of the article WAS NOT ABOUT WRITE. It was about the severe
problems in BSD and derived ptys. These defects allow people, once on
the system, to do really nasty things, like steal passwords. I know, I
know, you are the perfect system administrator and never have anyone
break in to your machine. However, when someone does break in to your
machine, won't you be happier to have the pty holes FIXED? It's not
such a big deal, and it would make everyone happier.

Now, if you want to argue that the proposed fixes weren't good, or
propose better and cleaner ones, fine. But I think that fixing the
problems is a matter of importance.

>I dunno, maybe I'm missing some important point, but it seems rather
>paranoid to me to worry about the people who have accounts on your
>machine.  You trusted them enough to give them an account, where did
>that trust go?

You ignore the fact that unix is quite insecure. People break in to
machines all the time. Saying that you depend entirely on having an
impenetrable interface to the outside to protect you is foolish; one
day, someone will get past your front door, and you will be lying back
beyond it with your balls exposed to the next sledgehammer blow.

You have file protections set on your machine, right? Well, the pty
holes sort of make them meaningless. You keep your root password a
secret, right? If anyone breaks in to your machine, you might as well
leave a file in / with "ROOT_PASSWORD" as its name and the password
inside if you don't fix your pty problems, because the next time you
su on a pty port you could be giving away the root password.

Everyone now knows about the pty problems. Let's fix them before people
start hurting from them, shall we?

Perry



More information about the Comp.unix.wizards mailing list