Date: Tue, 5 Oct 2004 07:37:54 -0500
From: "Jacques A. Vidrine" <nectar@FreeBSD.org>
To: Darren Pilgrim <dmp@bitfreak.org>
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-04:15.syscons
Message-ID: <20041005123754.GC12681@madman.celabo.org>
In-Reply-To: <000601c4aa68$0034af70$162a15ac@spud>
References: <200410042054.i94KsBD9021963@freefall.freebsd.org> <000601c4aa68$0034af70$162a15ac@spud>

Hi Darren,

On Mon, Oct 04, 2004 at 04:15:07PM -0700, Darren Pilgrim wrote:
> > FreeBSD-SA-04:15.syscons
> <...>
> > IV. Workaround
> >
> > There is no known workaround. However, this bug is only exploitable
> > by users who have access to the physical console or can otherwise open
> > a /dev/ttyv* device node.
>
> Is there anything in the base system that, by design or flaw, can be used by
> a non-root user to open a ttyv device?

Any user can open a ttyv device that she owns. But if you mean, "can
be used by a non-root user to open a ttyv device not owned by that
user?": None of which I'm aware.

> Is the tty snoop device vulnerable by proxy?

No, it is not. The snp device does not "forward" ioctls.

Cheers,
-- 
Jacques A Vidrine / NTT/Verio
nectar@celabo.org / jvidrine@verio.net / nectar@FreeBSD.org