
Re: Eterm & others allow arbitrary commands execution via escape sequences [Was: CAN-2003-0020?]



I believe that the permissions are changed to allow a logged in user to
access that terminal.  The permissions are handled and reset by the
appropriate log in service.

plhofmei@Oneill:~$ ls -lh /dev/pts/3
crw-------    1 plhofmei tty      136,   3 Apr 19 16:47 /dev/pts/3
plhofmei@Oneill:~$

Other than that...I have always noted the /dev/tty and /dev/pts devices
to always be secured and owned by root.  I have been using Debian since
Potato-- (been so long, I forgot what the code name was...)

On Mon, 19 Apr 2004 at 04:15:41PM -0400, Stephen Gran wrote:
> This one time, at band camp, Matt Zimmerman said:
> > On Mon, Apr 19, 2004 at 09:31:27PM +0200, Jan Minar wrote:
> > > % ssh kh
> > > jan@kh's password:
> > > Linux kontryhel 2.4.26-jan #3 SMP Mon Apr 19 05:00:00 CEST 2004 i686 unknown
> > > % echo 'Morning, Mister root, welcome to a jail 8-)' > /dev/tty63
> > > % while :; do echo -e '\033[12;63]' > /dev/tty63; done
> > 
> > The relevant permissions are more restrictive with udev:
> > 
> > crw-------    1 root     root       4,  63 2004-03-17 16:23 /dev/tty63
> 
> And on a newly installed sid box:
> crw-------    1 root     tty        4,  63 2004-03-23 16:49 /dev/tty63
> 
> No udev here.  Previous installs may have had bad permissions, but
> current ones do not.  Perhaps, Jan, if you're interested, file a bug
> against makedev or one of the other associated packages, asking them to
> check the permissions on these devices on upgrade, and correct if
> necessary.  Seems trivial enough to do.  A patch would probably not
> hurt.
> 
> -- 
>  -----------------------------------------------------------------
> |   ,''`.					     Stephen Gran |
> |  : :' :					 sgran@debian.org |
> |  `. `'			Debian user, admin, and developer |
> |    `-					    http://www.debian.org |
>  -----------------------------------------------------------------



-- 
Phillip Hofmeister

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.asc | gpg --import
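
Added example, not part of the thread or of any Debian package: a sketch of the permission check suggested in the quoted reply, run over listings like the ones posted above. The function names `audit_tty_perms` and `sample_lines`, the sample lines marked as constructed, and the policy (no access for "other", group write only for group tty) are assumptions of this example.

```shell
#!/bin/sh
# Flag terminal devices that someone other than the owner can open.
# Input is one device per line in the form
#   MODE OWNER GROUP PATH
# as printed by GNU stat:  stat -c '%A %U %G %n' /dev/tty[0-9]* /dev/pts/[0-9]*
# Policy assumed here: no bits for "other"; group write only for group tty.
audit_tty_perms() {
    while read -r mode owner group path; do
        [ -n "$path" ] || continue
        case "$mode" in
            c?????????) ;;                   # character device + 9 mode bits
            *) continue ;;                   # ignore anything else
        esac
        other=${mode#???????}                # last 3 chars: bits for other
        grp=${mode#????}; grp=${grp%???}     # middle 3 chars: bits for group
        if [ "$other" != "---" ]; then
            echo "WEAK $path $mode $owner:$group (accessible to other)"
        else
            case "$grp" in
                ?w?) [ "$group" = tty ] ||
                     echo "WEAK $path $mode $owner:$group (group-writable, group is not tty)" ;;
            esac
        fi
    done
}

# Sample input: the first two lines use the modes and owners shown in the
# thread; the last three are constructed for this example.
sample_lines() {
    cat <<'EOF'
crw------- plhofmei tty /dev/pts/3
crw------- root tty /dev/tty63
crw--w---- plhofmei tty /dev/pts/4
crw--w--w- root root /dev/tty62
crw-rw---- root users /dev/tty61
EOF
}

# Prints one WEAK line each for /dev/tty62 and /dev/tty61.
sample_lines | audit_tty_perms
```

On a live system, feed the function the output of the `stat` command given in its header comment instead of `sample_lines`.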


