Linux Red Hat 6.0 /dev/hd[abcd] CD-ROM permissions are world readable, along with several other /dev/* programs.
a884be6cde536943d8c314407f2b6072b18dbe437b5764347192074e4c21d967
Date: Thu, 3 Jun 1999 18:46:05 +0200
From: Salvatore Sanfilippo -antirez- <md5330@mclink.it>
To: BUGTRAQ@netspace.org
Subject: Re: RedHat 6.0 cdrom permissions (was RedHat 6.0, /dev/pts permissions bug when using xterm)
On Sun, Jun 06, 1999 at 07:15:05PM +0000, noc-wage wrote:
> Many of you RedHat 6.0 users who installed RedHat 6.0 rather than
> upgrading may have noticed the new way RedHat displays remote TTY's.
> Instead of the old fashioned /dev/ttyp<number>, it now uses
> /dev/pts/<number>. There is a flaw in this new implementation that
> local
> users can exploit to cause minor disruption to anyone using X-windows on
> the local machine.
> This DoS is more of a nuisance than a "real problem" but it could
> possibly
> be used to cause some minor havok.
Another permission problem in RedHat 6.0 is the cdrom device /dev/hd[abcd].
It's world readable (think about backups).
Anyway if you are RedHat 6.0 user check your /dev/* permissions/owners.
bye,
antirez
--
Salvatore Sanfilippo antirez | md5330@mclink.it | antirez@alicom.com
try hping: http://www.kyuzz.org/antirez antirez@seclab.com
'se la barca non ce l'hai dove uzba te ne vai?
se la barca te la ruba, preo.' (M. Abruscato & O. Carmeci)