Xref: utzoo comp.unix.wizards:25383 alt.security:2424
Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!mcsun!ukc!axion!pharaoh!ian
From: ian@pharaoh.UUCP (Ian Crocker)
Newsgroups: comp.unix.wizards,alt.security
Subject: Re: BSD tty security, part 4: What You Can Look Forward To
Summary: TIOCSTI/device ownership
Message-ID: <441@pharaoh.UUCP>
Date: 3 May 91 16:47:37 GMT
References: <13266@goofy.Apple.COM> <7363:May202:45:0591@kramden.acf.nyu.edu> <438@pharaoh.UUCP>
Organization: British Telecom
Lines: 21

In article <438@pharaoh.UUCP>, ian@pharaoh.UUCP (Ian Crocker) writes:
> 
> write permission on.  However when you try and do the TIOCSTI it fails on
> all the systems I have tried it on because you are not the owner of the
> device. I know that the manual says it should work as you are trying
> to do the ioctl on your control terminal, but this is not the case on my
> systems - you have to own the device or have an euid of 0.
> 

Further to my previous post I thought of a machine I hadn't tried it on and 
sure enough it worked.  Complete control of the root terminal from an
unprivileged userid.  Seems this manufacturer is lagging behind the others -
no prizes for guessing who it is!

Ian.


-- 
Ian Crocker
NPW-mail : ian@pharaoh
usenet   : ian@cyborg.bt.co.uk