FreeBSD Security Advisory FreeBSD-SA-04:15.syscons
Jacques A. Vidrine
nectar at FreeBSD.org
Tue Oct 5 05:38:19 PDT 2004
Hi Darren,
On Mon, Oct 04, 2004 at 04:15:07PM -0700, Darren Pilgrim wrote:
> > FreeBSD-SA-04:15.syscons
> <...>
> > IV. Workaround
> >
> > There is no known workaround. However, this bug is only exploitable
> > by users who have access to the physical console or can otherwise open
> > a /dev/ttyv* device node.
>
> Is there anything in the base system that, by design or flaw, can be used by
> a non-root user to open a ttyv device?
Any user can open a ttyv device that she owns. But if you mean, "can
be used by a non-root user to open a ttyv device not owned by that
user?" : None of which I'm aware.
> Is the tty snoop device vulnerable by proxy?
No, it is not. The snp device does not "forward" ioctls.
Cheers,
--
Jacques A Vidrine / NTT/Verio
nectar at celabo.org / jvidrine at verio.net / nectar at FreeBSD.org
More information about the freebsd-security
mailing list