Xref: utzoo comp.unix.wizards:25293 alt.security:2381
Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!thunder.mcrcim.mcgill.edu!snorkelwacker.mit.edu!think.com!samsung!rex!ukma!dftsrv!mimsy!mojo!russotto
From: russotto@eng.umd.edu (Matthew T. Russotto)
Newsgroups: comp.unix.wizards,alt.security
Subject: Re: BSD tty security, part 4: What You Can Look Forward To
Message-ID: <1991May1.170641.17086@eng.umd.edu>
Date: 1 May 91 17:06:41 GMT
References: <3600:Apr2614:04:4391@kramden.acf.nyu.edu> <1991Apr30.224740.17040@pcserver2.naitc.com>
Sender: news@eng.umd.edu (C-News)
Organization: College of Engineering, Maryversity of Uniland, College Park
Lines: 21

In article <1991Apr30.224740.17040@pcserver2.naitc.com> kdenning@pcserver2.naitc.com (Karl Denninger) writes:
>
>The most obvious attempts, taking over "unused" ptys slave ends, result in
>the system skipping them when assignment time comes around.  This prevents
>the most obvious ways to exploit this hole.  I believe MIPS may be using
>some form of "O_EXCL" to prevent multiple access....
>
>The RS/6000 dynamically creates ptys, and thus doesn't suffer from the
>problem at all.
>
>ISC, Apple (A/UX), and Sun, DO have the problem.
>
>KUDOS TO MIPS ON THIS ONE.  They got it right.

With Sun and Ultrix, you seem to be able to affect telnets while the 'login'
and 'passwd:' prompts are up-- once the session starts, Ultrix stops the
TIOCSTI process, and Sun hangs up both the incoming telnet and the TIOCSTI
process.  A/UX doesn't even have TIOCSTI-- am I missing something?
--
Matthew T. Russotto	russotto@eng.umd.edu	russotto@wam.umd.edu
     .sig under construction, like the rest of this campus.