|
Brought to you by:
Suppliers of:
|
|
|
| |
pty is "a parallel terminal device in Unix that allow users to communicate with the operating system in command line".
Mac OS X doesn't provide any mechanism for non-setuid-root programs to change permissions on ptys allowing any local user to sniff the tty connection. |
| |
Credit:
The information has been provided by Matt Johnston .
|
| |
Vulnerable Systems:
* Mac OS X 10.3 family and prior
Immune Systems:
* Mac OS X 10.4
Due to lack of ability to change permissions of pty, xterms, screen sessions, and Terminal.app windows (with explicitly specified commands) are vulnerable to tty sniffing. Using Terminal.app's standard terminal with /usr/bin/login is safe since login is setuid root.
Example:
arctic:~> screen
... new screen session starts ...
arctic:~> ls -l $TTY
crw-rw-rw- 1 root wheel 4, 2 1 May 16:44 /dev/ttyp2
The fixed problem in Mac OS X now sets the devfs permissions on openpty().
|
|
|
|
|
