FreeBSD Security Advisory FreeBSD-SA-04:15.syscons

Jacques A. Vidrine nectar at FreeBSD.org
Tue Oct 5 05:38:19 PDT 2004


Hi Darren,

On Mon, Oct 04, 2004 at 04:15:07PM -0700, Darren Pilgrim wrote:
> > FreeBSD-SA-04:15.syscons
> <...>
> > IV.  Workaround
> > 
> > There is no known workaround.  However, this bug is only exploitable
> > by users who have access to the physical console or can otherwise open
> > a /dev/ttyv* device node.
> 
> Is there anything in the base system that, by design or flaw, can be used by
> a non-root user to open a ttyv device?

Any user can open a ttyv device that she owns.  But if you mean, "can
be used by a non-root user to open a ttyv device not owned by that
user?" : None of which I'm aware.

> Is the tty snoop device vulnerable by proxy?

No, it is not.  The snp device does not "forward" ioctls.

Cheers,
-- 
Jacques A Vidrine / NTT/Verio
nectar at celabo.org / jvidrine at verio.net / nectar at FreeBSD.org


More information about the freebsd-security mailing list