BSD tty security, part 4: What You Can Look Forward To
Keith Muller
muller at sdcc10.ucsd.edu
Fri May 3 20:11:10 AEST 1991
In article <1991May2.202847.15537 at wpi.WPI.EDU>, entropy at wpi.WPI.EDU (Lawrence C Foard) writes:
> One other possible attack occurs to me, and I don't think the fixs I have seen
> posted would prevent it:
>
> 1) Make an unused tty device into your controlling terminal,
> 2) Close it.
> 3) You currently have no open files.
> 4) Wait for a victim to log in on the tty, open /dev/tty and use TIOCSTI on it.
If #4 restores access to a previous controlling terminal, then there is
a good arguement that the semantics of /dev/tty are broken (the fact you
have a tty listed as you controlling terminal should give you no special
access rights to it unless MAYBE you also have a current fd that references it).
I would tend to want an open of /dev/tty to always check the current
access to the controlling terminal.
Keith Muller
University of California
kmuller at ucsd.edu
More information about the Comp.unix.wizards
mailing list