Re: recent gpm DoS issue

To: debian-security@lists.debian.org
Subject: Re: recent gpm DoS issue
From: Jim Breton <jamesb-debian@alongtheway.com>
Date: Fri, 28 Jul 2000 08:11:12 +0000
Message-id: <[🔎] 20000728081112.J23017@alongtheway.com>
In-reply-to: <[🔎] 20000727235603.G15798@plato.local.lan>; from erbenson@alaska.net on Thu, Jul 27, 2000 at 11:56:03PM -0800
References: <[🔎] 20000728065351.H23017@alongtheway.com> <[🔎] 20000727235603.G15798@plato.local.lan>

On Thu, Jul 27, 2000 at 11:56:03PM -0800, Ethan Benson wrote:
> pam_group is only relativly secure if your system is installed and
> configured a certain way:

Yup, some of that is mentioned in the documentation... nevertheless, it
would be a big improvement over making the socket world-writable.

Red Hat are using a pam_console module for this, here is an excerpt from
their advisory:

"For 6.x, the /dev/gpmctl ownership issue was addressed via the
pam_console helper mechanism.  This pam module makes devices  
which need to be accessible via console users owned by them and
no one else."

> what is gpmctl actually used for anyway?

I don't know exactly!  ;)  But here's what the gpm man page says:

       /dev/gpmctl     A control socket for clients

And the file only exists while gpm is running (it's removed when you
stop gpm) so I am guessing it is the socket through which clients read
mouse data.

Reply to:

Follow-Ups:
- Re: recent gpm DoS issue
  - From: Zak Kipling <zk201@cam.ac.uk>
- Re: recent gpm DoS issue
  - From: Ethan Benson <erbenson@alaska.net>

References:
- recent gpm DoS issue
  - From: Jim Breton <jamesb-debian@alongtheway.com>
- Re: recent gpm DoS issue
  - From: Ethan Benson <erbenson@alaska.net>

Prev by Date: Re: recent gpm DoS issue
Next by Date: Re: recent gpm DoS issue
Previous by thread: Re: recent gpm DoS issue
Next by thread: Re: recent gpm DoS issue
Index(es):
- Date
- Thread