bernstein vs muller were different tty bugs
Dan Bernstein
brnstnd at kramden.acf.nyu.edu
Thu May 9 01:50:22 AEST 1991
In article <19119 at sdcc6.ucsd.edu> muller at sdcc10.ucsd.edu (Keith Muller) writes:
> After grinding through as many unix src as I could find, it turns out
> that Dan and I are addressing two completely different tty bugs. They
> have similar end results, but are done in very different ways.
Well, I must admit that I don't know what Muller is talking about here.
If he means to imply that my changes don't solve a certain tty hole, I'm
reasonably sure he's wrong. Anyone who wants to know why a particular
attack is stopped can send me e-mail about it.
> The bug I was talking has been fixed in 4.3 RENO, but is in
> many other UNIX variants.
I think Muller is trying to say here that he finally understands that he
was wrong about u_ttyd. BSD 4.3-Reno has u_ttyvp; contrary to his
previous statements, previous BSD releases have u_ttyd, so his fixes
won't work except under Reno. And, contrary to Muller's implication
here, my changes do address this problem: once you replace the old
/dev/tty driver as instructed, users cannot abuse u_ttyd.
I must say, Muller, that the mud you keep throwing at my solution is
getting rather tiresome. There's nothing wrong with reasonable doubt,
but insisting on six separate occasions that I've failed to address
something (which, in fact, I have addressed) is a bit repetitive, don't
you think?
What I can't tolerate, though, is how you keep claiming that a
non-solution is a solution. You can't play around with security! If you
say that your fixes work on even one platform where they don't (viz.,
all the production BSD releases), you may do huge damage. Don't you
understand that the right thing is to post a realistic assessment of the
limitations of your changes? You'll be off to a good start with ``They
don't work on systems with p_ttyd/u_ttyd in place of u_ttyvp.''
> This bug was reported early last year (before the
> Reno release) to the appropriate places.
Sheesh. I reported these bugs years ago to comp.unix.wizards, when there
wasn't any other appropriate place. Bellovin reported System V's version
of the holes even before that. In fact, the particular bug that you're
referring to here is nothing more than what's always been noted in the
vhangup() man page: ``Access to the controlling terminal using /dev/tty
is still possible.''
---Dan
More information about the Comp.unix.wizards
mailing list