Re: FreeBSD Security Advisory FreeBSD-SA-04:15.syscons
From: Jacques A. Vidrine (nectar_at_FreeBSD.org)
Date: 10/05/04
- Previous message: Alex de Kruijff: "Re: compare-by-hash (was Re: sharing /etc/passwd)"
- In reply to: Darren Pilgrim: "RE: FreeBSD Security Advisory FreeBSD-SA-04:15.syscons"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 5 Oct 2004 07:37:54 -0500 To: Darren Pilgrim <dmp@bitfreak.org>
Hi Darren,
On Mon, Oct 04, 2004 at 04:15:07PM -0700, Darren Pilgrim wrote:
> > FreeBSD-SA-04:15.syscons
> <...>
> > IV. Workaround
> >
> > There is no known workaround. However, this bug is only exploitable
> > by users who have access to the physical console or can otherwise open
> > a /dev/ttyv* device node.
>
> Is there anything in the base system that, by design or flaw, can be used by
> a non-root user to open a ttyv device?
Any user can open a ttyv device that she owns. But if you mean, "can
be used by a non-root user to open a ttyv device not owned by that
user?" : None of which I'm aware.
> Is the tty snoop device vulnerable by proxy?
No, it is not. The snp device does not "forward" ioctls.
Cheers,
-- Jacques A Vidrine / NTT/Verio nectar@celabo.org / jvidrine@verio.net / nectar@FreeBSD.org _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Alex de Kruijff: "Re: compare-by-hash (was Re: sharing /etc/passwd)"
- In reply to: Darren Pilgrim: "RE: FreeBSD Security Advisory FreeBSD-SA-04:15.syscons"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
