From: hedrick@dartagnan.rutgers.edu (Charles Hedrick)
Newsgroups: comp.security.misc,comp.unix.bsd,comp.bugs.4bsd,alt.security
Subject: Re: rlogind/telnetd/pty security fixes?
Message-ID:
Date: 5 Jun 92 23:33:13 GMT
References: <1992Jun2.230329.13516@cirrus.com>
Organization: Rutgers Univ., New Brunswick, N.J.

dhesi@cirrus.com (Rahul Dhesi) writes:
>Some time ago there was a lot of discussion, started by Dan Bernstein and
>continued by many others, about security problems arising from ptys that
>were kept open by processes. I believe the problem lies in the vhangup()
>system call.

After playing with telnetd for a while, I concluded that there was no good way to fix this outside the kernel, at least not without modifying all the utilities. And some poor user is going to bring in something like "screen" off the net, and get burned. So the Rutgers Sun kernel will refuse to open the master end of a pty if anyone has the slave open, and it will change ownership and protection of the slave before returning from the open of the master. This is ugly code, since it means that the name of the slave device is in the kernel, but it's a solid and pragmatic solution. This means that we don't have to worry about telnetd, script, etc., because the kernel will protect even naively coded programs.
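The following is an added example, not code from this post or from the Rutgers kernel. It shows the same policy the post puts into the kernel (hand out a pty master only once the slave has been re-owned to the caller and verified private) enforced from user space with the Unix98 pty interface (posix_openpt, grantpt, unlockpt, ptsname) that later systems adopted in place of BSD-style /dev/ptyXX pairs. The function names, the return codes and the acceptance criteria (slave owned by the calling uid, no "other" permission bits) are this example's own assumptions; the program assumes a /dev/ptmx-style pty is available.

```c
/* Added example, not code from the post or the Rutgers kernel: a user-space
 * pty allocator that applies the post's policy with the Unix98 pty calls.
 * It returns a master only after verifying that the slave belongs to the
 * caller and carries no "other" permission bits; otherwise the master is
 * closed and refused, so a naively coded caller never gets a shared slave. */
#define _XOPEN_SOURCE 600
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum {
    PTY_OK = 0,          /* slave is private to the caller */
    PTY_UNAVAILABLE = 1, /* no pty could be allocated (e.g. no /dev/ptmx) */
    PTY_BAD_OWNER = 2,   /* slave is owned by a different uid */
    PTY_BAD_MODE = 3     /* slave is readable or writable by "other" */
};

/* Check that the slave device at `path` belongs to `uid` and is not
 * accessible to arbitrary users. This is the property the post's kernel
 * establishes by re-owning the slave before the master open returns. */
int slave_is_private(const char *path, uid_t uid)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return PTY_UNAVAILABLE;
    if (st.st_uid != uid)
        return PTY_BAD_OWNER;
    if (st.st_mode & (S_IROTH | S_IWOTH))
        return PTY_BAD_MODE;
    return PTY_OK;
}

/* Allocate a pty. On success *master_out holds the master descriptor and
 * slave_path (len bytes) the slave's device name, and the slave has been
 * re-owned to the caller and verified. Every failure path closes the master
 * so the caller never receives a pty whose slave it cannot trust. */
int secure_pty_open(int *master_out, char *slave_path, size_t len)
{
    int master = posix_openpt(O_RDWR | O_NOCTTY);
    if (master < 0)
        return PTY_UNAVAILABLE;

    /* grantpt() is the user-space counterpart of "change ownership and
     * protection of the slave": it chowns the slave to the caller and
     * clears world access. unlockpt() then makes the slave openable. */
    if (grantpt(master) != 0 || unlockpt(master) != 0) {
        close(master);
        return PTY_UNAVAILABLE;
    }

    const char *name = ptsname(master);
    if (name == NULL || strlen(name) >= len) {
        close(master);
        return PTY_UNAVAILABLE;
    }
    memcpy(slave_path, name, strlen(name) + 1);

    int rc = slave_is_private(slave_path, getuid());
    if (rc != PTY_OK) {
        close(master); /* refuse the master, as the kernel patch does */
        return rc;
    }
    *master_out = master;
    return PTY_OK;
}

int main(void)
{
    int master;
    char path[64];
    int rc = secure_pty_open(&master, path, sizeof path);
    if (rc != PTY_OK) {
        fprintf(stderr, "pty refused, code %d\n", rc);
        return 1;
    }
    printf("master fd %d, slave %s is private to uid %ld\n",
           master, path, (long)getuid());
    close(master);
    return 0;
}
```

The half of the post's policy that this cannot reproduce is the refusal when "anyone has the slave open": which processes hold a device open is kernel state, which is exactly why the author put the check in the kernel. On systems with devpts the question no longer arises in that form, because each open of /dev/ptmx allocates a fresh slave that cannot be opened by anyone until the master's owner calls unlockpt.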