BSD tty security, part 4: What You Can Look Forward To

Tom Christiansen tchrist at convex.COM
Tue May 7 08:33:32 AEST 1991


From the keyboard of jfh at rpp386.cactus.org (John F Haugh II):
:>That's a very nice piece of name-dropping there, but the fact remains that we
:>mere mortals have no evidence of your claims.
:
:Given that many of those people read this newsgroup, you don't have to
:verify his claims.  Tom Christiansen regularly reads this group, along
:with Steve Bellovin.  Perhaps they can verify what Dan is saying (they
:already have from what I've seen).

Dan's program does indeed compromise ConvexOS 9.0; I will vouch for no
other system.  (There's something terribly ironic about me having Dan for
a customer, eh? :-)  We've closed up the hole at least for rlogin, telnet,
and xterm for the 9.1 release.  It required a kernel change, so there
aren't patched versions of these programs available.  The script and
window utilities will still be insecure as they can't chown and chmod
their ttys.  I'm personally hoping for a more complete long-term solution
using a session manager, but there's no way to anticipate if or when this
might occur.

I think anybody who's been working on this stuff for a while already knows
the scoop about the particular hole we've all been dancing around here.
One poster mentioned he'd gotten working code exploiting the problem in
about 20 minutes.  That means the crackers can, too, and have probably
already done so.

The signal-to-noise ratio in this discussion is discouraging.  Insults
aren't going to buy anyone anything.  They will neither persuade someone
to your cause who was on the other side, nor do they invalidate Dan's
working code, nor (I imagine) will they stop him from posting details a
child (as opposed to professionals, who already understand) could follow
come October.

--tom
--
Tom Christiansen		tchrist at convex.com	convex!tchrist
		"So much mail, so little time." 


