For mgetty users with non-trusted shell logins

• Messages sorted by:[ date ][ thread ][ subject ][ author ]

Hi,

On Thu, Jan 28, 1999 at 12:32:42PM +0100, l41484@alfa.ist.utl.pt wrote:
> perhaps. Speaking of which, i noticed the tty's when unused (the ones that
> will be used for the console for example) have mode 622.  Why not 600 ?
> (or 660 since they are root:root owned)

Possibly so that things like "wall" works all the time?  Hard to say,
I don't see any real reason for it...

[..]
> > However, it looks like many people are using Linux nowadays in this
> > fashion, and after all, if you run after all the buffer overflow
> > problems which may or not be exploited, why not go for the
> > more fondamental problems too ?
> 
> In my opinion, _all_ security problems should be solved. The minor and the
> majors. 

Yep.  As long as it doesn't break real world stuff - if a system is
absolutely secure, it's also absolutely unusable.

> Off course, problems like, you can exploit this, if condition A &
> B & .... Z, are met and they have a _very low_ probability of happening, i
> would give them a lower priority. :-)
> 
> Maybe you should give it a shot on Linux's security audit ML?
> 
> (security audit <security-audit@ferret.lmh.ox.ac.uk>)

Interesting idea.  Actually, Linux isn't our main concern - I'm pretty
confident Tytso will add an appropriate "paranoia bit" to the serial
driver - but CommercialUnix in its various flavours is...

Which brings me to something :) - I will start hacking on FAS again,
because as it isn't actively maintained anymore, there is nobody who
will add this SecureTty bit to it now...

> BTW this hasn't appeared on bugtraq, has it?

Haven't seen it.

gert
-- 
Gert Doering
Mobile communications ... right now writing from *AWAY* :-)) 
... mobile phone: +49 177 2160221 ... or mail me:  gert@greenie.muc.de