Hi, Phillip! Thank for a storm-swift reply 8-) It seems like they should be 660, not 600, as I suggested (wall(1) and talkd(1) would break otherwise, probably). On Mon, Apr 19, 2004 at 05:26:25PM -0400, Phillip Hofmeister wrote: > yes, the others are 666. Does it matter? Are they used or just > pointless character devices? Yes, thanks to the escape sequences they are a backdoor to the system; (don't) try the sploit below, it would keep changing the terminal to /dev/tty63 so fast, you won't be able to switch back or kill the offender, not even as a root. The only remedy would be to connect to the comp from another terminal (serial, ssh, ...). On many systems, the only remedy would be to reboot. Although this is of course possible to do locally, the 666 permissions allow doing this *remotely*; even with a guest account, for example. Or in a at(1) entry, or crontab. I'd getting more and more convinced this should be tagged critical. > On Mon, 19 Apr 2004 at 05:07:13PM -0400, Jan Minar wrote: > > > > > % ssh kh > > > > > jan@kh's password: > > > > > Linux kontryhel 2.4.26-jan #3 SMP Mon Apr 19 05:00:00 CEST 2004 i686 unknown > > > > > % echo 'Morning, Mister root, welcome to a jail 8-)' > /dev/tty63 > > > > > % while :; do echo -e '\033[12;63]' > /dev/tty63; done The last line is important. -- "To me, clowns aren't funny. In fact, they're kind of scary. I've wondered where this started and I think it goes back to the time I went to the circus, and a clown killed my dad."
Attachment:
pgpPM7gzxvEnj.pgp
Description: PGP signature