On 13 Jul 2004 16:04:18 -0000, Maarten Tielemans <ttielu_dainfracrew@xxxxxxxxxxx> wrote: > Aterm has an issue with creating a terminal. > A quick 'ls ?al' on a aterm with 'mesg y' shows: > crw--w--w- 1 alsdk users 5, 3 Jul 13 17:27 /dev/ttyp3 > with 'mesg n': > crw-----w- 1 alsdk users 5, 3 Jul 13 17:28 /dev/ttyp3 on debian unstable, with aterm 0.4.2: [1] k@nemo:~ 4$ aterm -V aterm version 0.4.2 let's see who's online [2] k@nemo:~ 4$ w 12:19:27 up 25 min, 2 users, load average: 0.02, 0.05, 0.10 USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT k pts/1 :0.0 11:57 23.00s 0.15s 0.03s /usr/bin/aterm k pts/4 :0.0 12:19 0.00s 0.15s 0.00s w now let's see their pts: [3] k@nemo:~ 4$ ls -la /dev/pts/? crw------- 1 k tty 136, 1 Jul 14 12:19 /dev/pts/1 crw--w---- 1 k tty 136, 4 Jul 14 12:19 /dev/pts/4 disabling messages [4] k@nemo:~ 4$ mesg n [5] k@nemo:~ 4$ ls -la /dev/pts/4 crw------- 1 k tty 136, 4 Jul 14 12:19 /dev/pts/4 looks ok to me. > 1) World (nobody) is able to 'echo' or 'cat' towards the terminal > echo "hello" >> /dev/ttyp3 > cat mkdir >> /dev/ttyp3 [6] k@nemo:~ 4$ cat mkdir >> /dev/pts/4 cat: mkdir: No such file or directory ..what was the purpose of that? insecure file creation? the worst thing you could do is echo "y0u have b33n 0wn3d" >> /dev/pts/x > Advice: use xterm well this won't solve the problem. what if xterm has some other small vulnerability? would you advice to use kconsole next time? -- :lorenzo a. grespan --- GNU/Linux User Group Mantova - Italy http://lorien.lacasadeifili.net GPG Key fingerprint = 5372 1B49 9E61 747C FB9A 4DAE 5D2A A9A0 74B4 8F1A
