Subject: Re: 68LC040 FPE, PR #5133, UVM, and a security hole?
To: Rolf Braun <rbraun@cstone.net>
From: Dave Huang <khym@bga.com>
List: port-mac68k
Date: 05/07/1998 17:22:39

On Thu, 7 May 1998, Rolf Braun wrote:
> >> What if Joe User who isn't in wheel logs onto ttyp0 via telnet and tries to
> >> run X or dt?
> >
> >man 5 ttyaction?
> 
> Um, I've tried it from "telnet localhost". Running dt will invoke dt on the
> console, even when dt is run from a pty. Weird stuff.

That's normal, 'cuz dt opens the grf device (X does the same). A bit
unexpected perhaps, but IMHO, correct behavior. What I meant was if you're
worried about it, you could use /etc/ttyaction to fiddle with the ownership of
/dev/grf? and /dev/adb. For example, make them mode 0600, then get
ttyaction to chown them to whoever logs into the console. When the user
logs out, let ttyaction chown them to root.

NotSoObHack:  When I was in school, there was a lab of Sun Sparcstation
1+s running SunOS. Pretty cool at that time ('specially since they
replaced Sun 2/50s, which were awfully slow :) My account was to be
disabled over the summer (by changing my shell to a program that only let
you do things like check account balance and email the admins), but since
I knew about it ahead of time, I set up my own telnet daemon on a
nonprivileged port and had a cron job check occasionally to see if it was
still up. This worked well for plain text connections, since I could just
telnet in from the terminal servers, but I wanted to use X. So what I did
was to login on the Sun's console, which gave me ownership of the
framebuffer and keyboard/mouse/etc..., went across the hall to the lab
full of VT100 terminals, telnetted to my telnetd, startx& from there,
logout, then go back to the console where my X session would be waiting
for me :) That may be why I consider it a good thing to be able to start X
on the console when logged into a pty ;) The admins found out after a
while and nuked my cron jobs and .forward file, and they made some sort of
"janitor" program to keep others from trying the same thing :) *giggles*
-- 
Name: Dave Huang     |   Mammal, mammal / their names are called /
INet: khym@bga.com   |   they raise a paw / the bat, the cat /
FurryMUCK: Dahan     |   dolphin and dog / koala bear and hog -- TMBG
Dahan: Hani G Y+C 22 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA+ PL++
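
The hand-off suggested in the message above (mode 0600 on /dev/grf? and /dev/adb, owned by whoever is logged in on the console, back to root at logout), sketched as a handler script with a permission audit. This is an added example, not part of the original mail: DEVDIR, IDLE_OWNER and the function names are hypothetical, and how /etc/ttyaction passes the action and user name to the command is left to ttyaction(5).

```shell
#!/bin/sh
# Added example, not from the original mail. DEVDIR, IDLE_OWNER and the
# function names are hypothetical; the device names are the ones in the mail.
DEVDIR=${DEVDIR:-/dev}
IDLE_OWNER=${IDLE_OWNER:-root}

# Print the console nodes that exist: $DEVDIR/grf? and $DEVDIR/adb.
console_nodes() {
    for n in "$DEVDIR"/grf? "$DEVDIR"/adb; do
        [ -e "$n" ] && printf '%s\n' "$n"
    done
    return 0
}

# handoff ACTION USER: mode 0600 always; owner follows the console session.
handoff() {
    case "$1" in
        login)  owner=$2 ;;
        logout) owner=$IDLE_OWNER ;;
        *) echo "handoff: unknown action" >&2; return 2 ;;
    esac
    # Refuse empty names, option-like names and shell metacharacters.
    case "$owner" in
        ''|-*|*[!A-Za-z0-9._-]*) echo "handoff: bad user" >&2; return 2 ;;
    esac
    console_nodes | while IFS= read -r n; do
        chmod 0600 "$n" && chown "$owner" "$n" || exit 1
    done
}

# audit: list nodes that group or other can open; status 1 if any exist.
audit() {
    bad=0
    for n in $(console_nodes); do
        # Characters 5-10 of the ls mode string are the group/other bits.
        [ "$(ls -ldn "$n" | cut -c5-10)" = "------" ] || { echo "$n"; bad=1; }
    done
    return $bad
}

# Run as a script with two arguments: the action and the user name.
if [ "$#" -ge 2 ]; then
    handoff "$1" "$2"
fi
```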