For mgetty users with non-trusted shell logins
Gert Doering (gert@greenie.muc.de)
Wed, 27 Jan 1999 22:41:02 +0100

Hi,

On Wed, Jan 27, 1999 at 06:01:10PM +0100, l41484@alfa.ist.utl.pt wrote:
> > > Do you know the details of the AIX/terminal server implementation ?
> > > Isn't it just the ``rlogin trick'' also and thus not vulnerable ?
> >
> > No, the /dev/tty<x> is *hardwired* via a special device driver to
> > "terminal server <a>, port <b>". So you can use this for dialout, and
> > there is a mgetty listening on this /dev/tty<x> device for answer ->
> > I'm fairly sure it works.
>
> What are the privileges for the devices when NO connection is established?

root.uucp/660 (there is a mgetty running), but that does NOT help per
se.

I cannot go into more details without explaining the whole thing, but
the problem is that when a user logs in (and out), the device belongs
to *him*, and that's the real problem that ptylogin/rlogin works around
(there, the user owns the pty, and might do bad things with that, but
won't get access to the real tty).

gert
--
Gert Doering
Mobile communications ... right now writing from *AWAY* :-))
... mobile phone: +49 177 2160221 ... or mail me: gert@greenie.muc.de