mailing list archives
Re: Securax Advisory 13
From: Fyodor <fygrave () SCORPIONS NET>
Date: Tue, 2 Jan 2001 14:19:13 -0500
no source code to audit. This document is subject to change
I. Problem Description
when someone telnets to a unix system, the tty that will be assigned to him
will be writable for any user on the system. However, when he is logged in,
his tty will not be writable for all users. So if someone would write data
a tty that is currently used by someone who's logging in, that person won't
be able to log in.
Wrong, he will be. Having the tty w/w is not a good thing however, you
could throw some junk on a user's screen which could mess-up terminal
settings pretty badly.
PGP fingerprint = 56DD 1511 DDDA 56D7 99C7 B288 5CE5 A713 0969 A4D1