Re: RedHat 6.0, /dev/pts permissions bug when using xterm

From: Scott Wunsch (scottat_private)
Date: Fri Jun 11 1999 - 10:29:42 PDT

Next message: Javi Polo: "Re: vulnerability in su/PAM in redhat"

Previous message: Tani Hosokawa: "Re: vulnerability in su/PAM in redhat"
Maybe in reply to: noc-wage: "RedHat 6.0, /dev/pts permissions bug when using xterm"
Next in thread: Brian D. Winters: "Re: RedHat 6.0, /dev/pts permissions bug when using xterm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> This is not sufficient when using rxvt and apparently several other
> xterm-a-likes.  By default rxvt overides the gid with the user's gid
> and changes the permissions to 622, even if the permissions specified
> in fstab are more restrictive than 622.  The solution with rxvt is to
> pass --enable-ttygid to the configure script.

I've been playing with this, and --enable-ttygid isn't enough either.  It looks
like rxvt has to bee suid root in order to set the gid on the tty.  Mortals
can't do it:

[scott@pytheas] ~$ chgrp tty /dev/pts/1
chgrp: you are not a member of group `tty': Operation not permitted


So which one is the bigger security risk?  Suid root xterms or world-writable
pseudottys?

--
Take care,
Scott \\'unsch

Next message: Javi Polo: "Re: vulnerability in su/PAM in redhat"
Previous message: Tani Hosokawa: "Re: vulnerability in su/PAM in redhat"
Maybe in reply to: noc-wage: "RedHat 6.0, /dev/pts permissions bug when using xterm"
Next in thread: Brian D. Winters: "Re: RedHat 6.0, /dev/pts permissions bug when using xterm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:49:09 PDT