On Sun, Jun 06, 1999 at 07:15:05PM +0000, noc-wage wrote: > Many of you RedHat 6.0 users who installed RedHat 6.0 rather than > upgrading may have noticed the new way RedHat displays remote TTY's. > Instead of the old fashioned /dev/ttyp<number>, it now uses > /dev/pts/<number>. There is a flaw in this new implementation that > local > users can exploit to cause minor disruption to anyone using X-windows on > the local machine. > This DoS is more of a nuisance than a "real problem" but it could > possibly > be used to cause some minor havok. Another permission problem in RedHat 6.0 is the cdrom device /dev/hd[abcd]. It's world readable (think about backups). Anyway if you are RedHat 6.0 user check your /dev/* permissions/owners. bye, antirez -- Salvatore Sanfilippo antirez | md5330at_private | antirezat_private try hping: http://www.kyuzz.org/antirez antirezat_private 'se la barca non ce l'hai dove uzba te ne vai? se la barca te la ruba, preo.' (M. Abruscato & O. Carmeci)
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:48:24 PDT