Xref: utzoo comp.unix.wizards:25307 alt.security:2390 Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!wuarchive!uunet!pcserver2!genesis!kdenning From: kdenning@genesis.Naitc.Com (Karl Denninger) Newsgroups: comp.unix.wizards,alt.security Subject: Re: BSD tty security, part 4: What You Can Look Forward To Summary: MIPS and DEC are not the same company ;-) Message-ID: <1991May1.205507.17032@pcserver2.naitc.com> Date: 1 May 91 20:55:07 GMT References: <3600:Apr2614:04:4391@kramden.acf.nyu.edu> <1991Apr30.224740.17040@pcserver2.naitc.com> <1991May1.170641.17086@eng.umd.edu> Sender: usenet@pcserver2.naitc.com (News Poster for NNTP) Organization: AC Nielsen Co., Bannockburn IL Lines: 35 Nntp-Posting-Host: genesis.naitc.com In article <1991May1.170641.17086@eng.umd.edu> russotto@eng.umd.edu (Matthew T. Russotto) writes: >In article <1991Apr30.224740.17040@pcserver2.naitc.com> kdenning@pcserver2.naitc.com (Karl Denninger) writes: >> >>The most obvious attempts, taking over "unused" ptys slave ends, result in >>the system skipping them when assignment time comes around. This prevents >>the most obvious ways to exploit this hole. I believe MIPS may be using >>some form of "O_EXCL" to prevent multiple access.... >> >>The RS/6000 dynamically creates ptys, and thus doesn't suffer from the >>problem at all. >> >>ISC, Apple (A/UX), and Sun, DO have the problem. >> >>KUDOS TO MIPS ON THIS ONE. They got it right. > >With Sun and Ultrix, you seem to be able to affect telnets while the 'login' >and 'passwd:' prompts are up-- once the session starts, Ultrix stops the >TIOCSTI process, and Sun hangs up both the incoming telnet and the TIOCSTI >process. A/UX doesn't even have TIOCSTI-- am I missing something? Ultrix and MIPS are only related in that MIPS supplies DEC with the chips. We have a MIPS RISCserver here, model 3260. Runs Risc/OS 4.52. Darn nice implementation. I keep finding more and more things to like about it, and only a few I don't like. DEC's porting base for Ultrix is not related to RiscOS as far as I know. -- Karl Denninger - AC Nielsen, Bannockburn IL (708) 317-3285 kdenning@nis.naitc.com "The most dangerous command on any computer is the carriage return." Disclaimer: The opinions here are solely mine and may or may not reflect those of the company.