On Sunday, 06 June 1999, at 19:15:05 (+0000), noc-wage wrote: > In the case of RedHat 6.0 with regular remote connections (like telnet) > the standard permissions are as follows: > > crw--w---- 1 ov3r tty 136, 0 Jun 6 12:32 /dev/pts/0 > > Here it's almost the same except that group "tty" also has write access. > > > The problem lies in the way that the permissions are set for local > connections with the X server using xterm. > if you do an ls -l /dev/pts/<the xterm's tty> (we will use pts/0) > You get: > crw--w--w- 1 ov3r ov3r 136, 0 Jun 6 12:32 /dev/pts/0 > > Notice how now "everyone" has write access to this terminal? If compiled with USE_TTY_GROUP defined, xterm checks for the "tty" group. If it exists, the permissions on the terminal device are set to 0620. If it does not exist, or if USE_TTY_GROUP is not defined, the permissions are set to 0622. You can fix this by either recompiling with USE_TTY_GROUP defined, or by editing main.c and changing the permissions there. Since Eterm was mentioned, I will go ahead and say this. If Eterm is has sufficient permissions (either by being installed setuid root or by being executed by the owner of the tty), it will change the ownership and permissions on the device to 0620. If it cannot change the permissions on the device, any vulnerabilities resulting therefrom are the responsibility of the system administrator. No current version of Eterm sets the permissions on any device file to 0622 under Linux. Michael -- ======================================================================= Michael Jennings <mejat_private> Co-author, Eterm (www.eterm.org) UNIX Administrator, 3Com Corp., Chicago, IL www.tcserv.com
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:48:24 PDT