Network Security: Detailed info on Re: CAN-2004-0814: Linux terminal layer races

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Bugtraq

[Top] [All Lists]

Re: CAN-2004-0814: Linux terminal layer races

from [Pavel Kankovsky] Network Security

[Permanent Link]

Subject:	Re: CAN-2004-0814: Linux terminal layer races
Date:	Sat, 23 Oct 2004 19:03:43 +0200 (CEST)

On Wed, 20 Oct 2004, Alan Cox wrote:

Firstly a user can cause crashes and other undefined behaviour by
issuing a TIOCSETLD ioctl on a terminal interface while another thread


1. Did you mean TIOCSETD?
2. Sigh. TIOCSETD should have been restricted to root (+) since 1999. (*)

(*) Since the "user-rawip-attack" vuln reported by Marc Shaefer.
(+) Perhaps with some workaround to address the problem with processes
setting the ldisc, dropping the root, and being unable to restore ldisc 
back to N_TTY when they exit.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
CAN-2004-0814: Linux terminal layer races, Alan Cox Re: CAN-2004-0814: Linux terminal layer races, Pavel Kankovsky <=

Previous by Date:	[CLA-2004:878] Conectiva Security Announcement - zlib, Conectiva Updates
Next by Date:	RE: Critical Vulnerability in Altiris Deployment Server architecture, Brooks, Shane
Previous by Thread:	CAN-2004-0814: Linux terminal layer races, Alan Cox
Next by Thread:	[Full-Disclosure] [ GLSA 200410-20 ] Xpdf, CUPS: Multiple integer overflows, Thierry Carrez
Indexes:	[Date] [Thread] [Top] [All Lists]