After seeing the previous message on this topic, I looked at my Red Hat 6.0 system (with the 2.2.5-22 kernel upgrade from Red Hat), and found that his message is correct - when using a "gnome-terminal", as opposed to "xterm" or "nxterm". All 3 types of terminals use the /dev/pts/(number) with this version of Red Hat 6.0, but it looks like if you launch an "xterm" or "nxterm" the permissions for those terminal windows are set like this: crw--w---- 1 stoddard stoddard 136, 0 Jun 7 23:44 0 This would appear to give only my user login and group "stoddard" (on my system, that group only has one user) write access to that terminal window. It appears that the problem is with the "gnome-terminal" program, part of the "gnome-core" RPM from the Red Hat 6.0 install (specifically, on my system, that would be gnome-core-1.0.4-34.i386.rpm), that is susceptible to the attacks mentioned in the previos message (and I have been able to do the "cat /dev/urandom > /dev/pts/(number)" and see the random stream of characters on that window. Patrick Stoddard, M.I.S. Manager Community Information & Referral 1515 E. Osborn Road Phoenix AZ 85014-5390 E-mail: patrickat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:48:26 PDT