A partial user-mode tty security fix for SunOS, Ultrix, et al.
Dan Bernstein
brnstnd at kramden.acf.nyu.edu
Fri Jun 14 02:43:16 AEST 1991
In the referenced article, Jussi Eloranta presents a patch to telnetd
meant to stop tty problems under SunOS 4.1.1. Unfortunately, the patch
doesn't accomplish any more than Sun's patch as announced a while back
by CERT. Neither patch stops my SunOS 4.1.1 test code, and I don't think
it's safe to believe that either patch will stop the Dutch hackers for
long.
> Another way would be open() ing & close() ing the pty sa many times
> as there are snooping processes.
This doesn't solve anything either.
> BTW the snooping stuff doesn't seem to work too well with rlogin ...
> I assume rlogind is doing some open() & close() ing on the pty ?
My best guess as to what Jussi means here: ``The Dutch break code, as
posted to a few newsgroups recently, does not work with SunOS 4.1.1
rlogin.'' This is because the SunOS 4.1.1 rlogind already had Sun's
patch installed.
---Dan
More information about the Comp.unix.wizards
mailing list