Source-Changes-D archive


Re: CVS commit: src/etc



On Fri, Sep 07, 2012 at 09:45:09AM -0400, Christos Zoulas wrote:
> On Sep 7,  9:20pm, tsutsui%ceres.dti.ne.jp@localhost (Izumi Tsutsui) wrote:
> -- Subject: Re: CVS commit: src/etc
> 
> | > Easier maybe, but we do not really want those device nodes on typical /dev
> | > filesystems (at least that was my understanding).
> | 
> | - What are the actual benefits of removing those device nodes on /dev?
> |   Is it more important than possible fallouts in install materials?
> 
> When ptyfs is mounted the pty nodes in ptyfs are used and not the entries
> in /dev. The entries in /dev have the same major and minor numbers and they
> are not chowned chmod'ed appropriately (they are world readable and writable).
> So anyone can spy on you (fortunately TIOCSTI is limited to the superuser
> so random people cannot write to your terminal). This is a security issue.
> The old pty allocation code required superuser access to chown/chmod the
> tty device nodes.

I thought (without checking) that they would be owned by root, group tty
with at most user read and user/group write until they are actually used.
Once used they get a chown (etc) and might not get reset again.

        David

-- 
David Laight: david%l8s.co.uk@localhost
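
An audit for the condition discussed in this thread, added here as an example and not taken from the thread or from NetBSD: it lists legacy pty/tty character nodes in /dev that "other" can read or write. The name pattern for legacy BSD pty pairs and the function names are assumptions; adjust the pattern to match the local MAKEDEV.

```python
import os
import re
import stat

# Assumption: legacy BSD pty pairs are named pty??/tty??, with the first
# suffix letter in p-z or P-T. Adjust to match the local MAKEDEV.
LEGACY_PTY = re.compile(r"[pt]ty[p-zP-T][0-9a-zA-Z]")

# Permission bits that let any local user read or write the node.
WORLD_RW = stat.S_IROTH | stat.S_IWOTH


def is_exposed(name, mode):
    """True for a legacy pty/tty character node that 'other' can read or write."""
    return (LEGACY_PTY.fullmatch(name) is not None
            and stat.S_ISCHR(mode)
            and bool(mode & WORLD_RW))


def audit(dev_dir="/dev"):
    """Return (path, octal mode, major, minor) for each exposed node in dev_dir."""
    findings = []
    with os.scandir(dev_dir) as entries:
        for entry in sorted(entries, key=lambda e: e.name):
            st = entry.stat(follow_symlinks=False)
            if is_exposed(entry.name, st.st_mode):
                findings.append((entry.path,
                                 oct(stat.S_IMODE(st.st_mode)),
                                 os.major(st.st_rdev),
                                 os.minor(st.st_rdev)))
    return findings


if __name__ == "__main__":
    # The major/minor pair is printed so it can be compared against the
    # nodes that ptyfs provides for the same devices.
    for path, perms, major, minor in audit():
        print(f"{path}: mode {perms}, device {major},{minor} is world-accessible")
```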

