Date: Thu, 3 Jun 1999 18:46:05 +0200
From: Salvatore Sanfilippo -antirez-
To: BUGTRAQ@netspace.org
Subject: Re: RedHat 6.0 cdrom permissions (was RedHat 6.0, /dev/pts permissions bug when using xterm)

On Sun, Jun 06, 1999 at 07:15:05PM +0000, noc-wage wrote:
> Many of you RedHat 6.0 users who installed RedHat 6.0 rather than
> upgrading may have noticed the new way RedHat displays remote TTY's.
> Instead of the old fashioned /dev/ttyp, it now uses
> /dev/pts/. There is a flaw in this new implementation that local
> users can exploit to cause minor disruption to anyone using X-windows on
> the local machine.

> This DoS is more of a nuisance than a "real problem" but it could possibly
> be used to cause some minor havoc.

Another permission problem in RedHat 6.0 is the cdrom device
/dev/hd[abcd]. It's world readable (think about backups).
Anyway, if you are a RedHat 6.0 user, check your /dev/* permissions/owners.

bye,
antirez

--
Salvatore Sanfilippo antirez | md5330@mclink.it | antirez@alicom.com
try hping: http://www.kyuzz.org/antirez antirez@seclab.com
'se la barca non ce l'hai dove uzba te ne vai?
se la barca te la ruba, preo.' (M. Abruscato & O. Carmeci)
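
The /dev permission check suggested in the message above, as an added example that is not part of the original post: it walks /dev and reports block device nodes (such as /dev/hd[abcd]) that users outside the owner and group can read or write. The function names classify and audit and the injectable lstat parameter are assumptions made for this sketch.

```python
#!/usr/bin/env python3
"""Flag block device nodes under /dev that 'other' users can read or write."""
import os
import stat
import sys


def classify(mode):
    """Return findings for one st_mode value; an empty list means no issue."""
    findings = []
    if stat.S_ISBLK(mode):
        # Reading the raw node bypasses file permissions on the medium itself.
        if mode & stat.S_IROTH:
            findings.append("world-readable block device")
        if mode & stat.S_IWOTH:
            findings.append("world-writable block device")
    return findings


def audit(root="/dev", lstat=os.lstat):
    """Walk root and return (path, mode, uid, gid, findings) for flagged nodes."""
    flagged = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:  # os.walk lists device nodes among the non-directories
            path = os.path.join(dirpath, name)
            try:
                st = lstat(path)  # lstat: judge the node itself, not a symlink to it
            except OSError:
                continue  # node vanished or cannot be examined; skip it
            findings = classify(st.st_mode)
            if findings:
                perms = oct(stat.S_IMODE(st.st_mode))
                flagged.append((path, perms, st.st_uid, st.st_gid, findings))
    return sorted(flagged)


if __name__ == "__main__":
    rows = audit(sys.argv[1] if len(sys.argv) > 1 else "/dev")
    for path, perms, uid, gid, findings in rows:
        print(f"{path} mode={perms} uid={uid} gid={gid}: {', '.join(findings)}")
    sys.exit(1 if rows else 0)
```

The script exits with status 1 when anything is flagged, so it can be run from a periodic job that alerts on a non-zero exit.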