'ct' (fwd)

Gert Doering (gert@greenie.muc.de)
Thu, 5 Nov 1998 23:32:55 +0100
Messages sorted by:[ date ][ thread ][ subject ][ author ]
Hi,

pretty pointless indeed.  Didn't know RedHat shipped it at all :-)

It will, one day, become a full blown replacement for the SysV "connect
terminal" ct program.  Until then, it doesn't really have to be included
in the distribution.  It doesn't do harm, though :-) - it is secure.

It must have suid root privileges to be able to access the serial
devices and signal mgetty to take over on the serial line (mgetty 
callback protocol).  Classic SysV "ct" has no access security, but
I'll probably add some - it's too easy to really mess up your phone
bill with it...

(If you want, please forward to the security-audit mailing list).

gert


On Thu, Nov 05, 1998 at 07:57:51PM +0100, l41484@alfa.ist.utl.pt wrote:
> 
> This comes from the linux security audit list. 
> 
> ---------- Forwarded message ----------
> Date: Tue, 3 Nov 1998 22:10:01 +0000 (GMT)
> From: Bob Tinsley <bob@earthrise.demon.co.uk>
> To: security-audit@ferret.lmh.ox.ac.uk
> Subject: 'ct'
> 
> pointless suid binary of the week?
> 
> [root@earthrise /root]# ls -l `which ct`
> -rws--x--x   1 root     root         4363 Oct 29  1997 /usr/bin/ct
> 
> [root@earthrise /root]# rpm -qf `which ct`
> mgetty-sendfax-1.1.9-3
> 
> strace, strings, and the size of the binary seem to indicate it does
> nothing more than print "ct: not yet implemented" on stderr. Still,
> dynamic-linker aside, at least it probably does it securely...
> (Although I must confess to being too lazy to download and check the
> source tonight.)
> 
> I also notice that this is suid in RH5.2 (courtesy of Jon Lewis' list).
> 
> Cheers,
> 
> 	-- Bob
> 
> 

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert@greenie.muc.de
fax: +49-89-35655025                        gert.doering@physik.tu-muenchen.de