Date: Thu, 3 Jun 1999 18:46:05 +0200
From: Salvatore Sanfilippo -antirez- <md5330@mclink.it>
To: BUGTRAQ@netspace.org
Subject: Re: RedHat 6.0 cdrom permissions (was RedHat 6.0, /dev/pts permissions bug when using xterm)

On Sun, Jun 06, 1999 at 07:15:05PM +0000, noc-wage wrote:
> Many of you RedHat 6.0 users who installed RedHat 6.0 rather than
> upgrading may have noticed the new way RedHat displays remote TTY's.
> Instead of the old fashioned /dev/ttyp<number>, it now uses
> /dev/pts/<number>.  There is a flaw in this new implementation that
> local
> users can exploit to cause minor disruption to anyone using X-windows on
> the local machine.
> This DoS is more of a nuisance than a "real problem" but it could
> possibly
> be used to cause some minor havok.

Another permission problem in RedHat 6.0 is the cdrom device /dev/hd[abcd].
It's world readable (think about backups).
Anyway if you are RedHat 6.0 user check your /dev/* permissions/owners.

bye,
antirez

--
Salvatore Sanfilippo antirez | md5330@mclink.it | antirez@alicom.com
try hping: http://www.kyuzz.org/antirez           antirez@seclab.com
'se la barca non ce l'hai dove uzba te ne vai?
 se la barca te la ruba, preo.'          (M. Abruscato & O. Carmeci)