For mgetty users with non-trusted shell logins

Gert Doering (gert@greenie.muc.de)
Wed, 27 Jan 1999 16:57:52 +0100

Messages sorted by:[ date ][ thread ][ subject ][ author ]

Hi,

On Wed, Jan 27, 1999 at 12:20:48AM -0600, Robert Canary wrote:
> > If there's no /dev/whatever, and modems connections are kind of
> > "one-way", you aren't vulnerable.
> 
> I don't see how it is possible *not* to have a ttyXx or cuaX under /dev.
> mgetty+sendfax config revolves around those devices.  So is this a
> teaser or
> can it be done?

It can be done.  But you have to use ptylogin or so, to make sure the
ttyX devices can NEVER be opened directly by any login user on your
machine (make them root.uucp, mode 660, plus use ptylogin, and things
work).

Or do not give untrusted users modem dialin access.  Sorry.

gert
-- 
Gert Doering
Mobile communications ... right now writing from *AWAY* :-)) 
... mobile phone: +49 177 2160221 ... or mail me:  gert@greenie.muc.de