Xref: utzoo comp.unix.wizards:25243 alt.security:2360
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!cs.utexas.edu!uunet!pcserver2!kdenning
From: kdenning@pcserver2.naitc.com (Karl Denninger)
Newsgroups: comp.unix.wizards,alt.security
Subject: Re: BSD tty security, part 4: What You Can Look Forward To
Summary: Let's have the facts Dan
Message-ID: <1991Apr29.222139.21284@pcserver2.naitc.com>
Date: 29 Apr 91 22:21:39 GMT
References: <3600:Apr2614:04:4391@kramden.acf.nyu.edu> <13218@goofy.Apple.COM>
Organization: AC Nielsen, Bannockburn IL USA
Lines: 40

In article <13218@goofy.Apple.COM> erc@Apple.COM (Ed Carp) writes:
>In article <3600:Apr2614:04:4391@kramden.acf.nyu.edu> brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:
>
>>6. I will give further details on the security holes to anyone who
>>convinces me that he has a legitimate interest. That means I want a
>>verifiable chain of people and phone numbers from the contact for a
>>major network down to whoever wants the information, plus a better
>
>Um, what IS this bullshit? Who the hell are you to set yourself up as some sort
>of net.god and tell us that you will "bless" us with all your neat little hacks
>and info only if we satisfy your little set of rules?

(lots more flamage deleted)

I have to agree.

I am in charge of Internet and external security here. There is another group which is in charge of internal security. Both of us, I'm sure, would like to have some FACTS on this stuff.

TIOCSTI is well known as a problem, but I thought that was supposed to be restricted to use by root (unless it's your control terminal....). I think I just heard you say that was all malarkey, that anyone could TIOCSTI my root session while logged in over a pty, and that you could exploit those items to gain control of my session.

From the manual pages, I believe it shouldn't work. If this is not true, I would like details. Not just "fixes", or pontificating, but details.

I can patch around lots of things, and replace system code if necessary. Without some DETAILS it's difficult at best.

--
Karl Denninger - AC Nielsen, Bannockburn IL  (708) 317-3285  kdenning@nis.naitc.com
"The most dangerous command on any computer is the carriage return."
Disclaimer: The opinions here are solely mine and may or may not reflect those of the company.
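The question Karl asks above (does the kernel really restrict TIOCSTI to root or to the caller's own controlling terminal?) is one you can answer on a given box rather than argue about. The following probe is an added example, not code from the original post or from any of the people in the thread. It assumes a Linux or BSD system whose headers define TIOCSTI; the device path on the command line is hypothetical (another login session's pty, e.g. /dev/ttyp0 or /dev/pts/3). The errno mapping follows the tty ioctl code: Linux answers EPERM when the tty is not the caller's controlling terminal and the caller lacks CAP_SYS_ADMIN, 4.3BSD answers EACCES for that case and EPERM when the descriptor is not open for reading, and Linux 6.2+ with the legacy TIOCSTI sysctl switched off answers EIO regardless.

```c
/* Added example (not from the original post): probe whether this process
 * may inject a byte into a tty's input queue with TIOCSTI, and say what
 * the kernel's answer means for the "root or your own controlling tty" rule.
 * Assumes Linux or BSD headers that define TIOCSTI. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

enum sti_verdict {
    STI_INJECTED,   /* ioctl succeeded: the byte is now in the tty's input queue */
    STI_REFUSED,    /* EPERM / EACCES: the permission check held */
    STI_DISABLED,   /* EIO: Linux 6.2+ with dev.tty.legacy_tiocsti=0 (assumed kernel) */
    STI_NOT_TTY,    /* ENOTTY: the descriptor is not a terminal at all */
    STI_ERROR       /* anything else (EBADF, ...) */
};

/* Push one byte into the input queue of fd as if it had been typed there.
 * Returns 0 on success or the errno the kernel refused with. */
int probe_tiocsti(int fd, char c)
{
    if (ioctl(fd, TIOCSTI, &c) == 0)
        return 0;
    return errno;
}

enum sti_verdict classify_tiocsti(int err)
{
    switch (err) {
    case 0:      return STI_INJECTED;
    case EPERM:  /* Linux: not our controlling tty and no CAP_SYS_ADMIN;
                    4.3BSD: descriptor not open for reading */
    case EACCES: /* 4.3BSD/FreeBSD: not our controlling tty and not superuser */
        return STI_REFUSED;
    case EIO:    return STI_DISABLED;
    case ENOTTY: return STI_NOT_TTY;
    default:     return STI_ERROR;
    }
}

const char *verdict_text(enum sti_verdict v)
{
    static const char *text[] = {
        "INJECTED: kernel accepted a fake keystroke on this tty",
        "REFUSED: permission check held",
        "DISABLED: kernel refuses TIOCSTI outright",
        "NOT A TTY: descriptor is not a terminal",
        "ERROR: see errno",
    };
    return text[v];
}

/* Control case: a pipe is not a terminal, so TIOCSTI must fail with ENOTTY.
 * Useful to confirm the probe itself works before pointing it at a pty. */
int probe_non_tty(void)
{
    int p[2], err;
    if (pipe(p) != 0)
        return errno;
    err = probe_tiocsti(p[1], ' ');
    close(p[0]);
    close(p[1]);
    return err;
}

int main(int argc, char **argv)
{
    /* Default to our own controlling terminal; pass another session's pty
     * device (hypothetical path, e.g. /dev/ttyp0 or /dev/pts/3) to test the check. */
    const char *path = argc > 1 ? argv[1] : "/dev/tty";
    /* O_RDWR matters: 4.3BSD answers EPERM for a descriptor not open for reading. */
    int fd = open(path, O_RDWR | O_NOCTTY);
    if (fd < 0) {
        fprintf(stderr, "open %s: %s\n", path, strerror(errno));
        return 2;
    }
    int err = probe_tiocsti(fd, ' ');   /* a single space: harmless if it lands */
    enum sti_verdict v = classify_tiocsti(err);
    if (err)
        printf("%s: uid %u: TIOCSTI -> %s (%s)\n", path, (unsigned)getuid(),
               verdict_text(v), strerror(err));
    else
        printf("%s: uid %u: TIOCSTI -> %s\n", path, (unsigned)getuid(),
               verdict_text(v));
    close(fd);
    return v == STI_INJECTED ? 0 : 1;
}
```

Run it twice as an ordinary user: with no argument it targets your own /dev/tty and should report INJECTED (the space shows up at your shell prompt); with the device path of a terminal belonging to another login session it should report REFUSED. If that second run reports INJECTED for an unprivileged uid, the restriction the manual page describes is not holding on that system, which is exactly the fact the post is asking for.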