Re: tty locks up

[Lokesh Setia <lsetia@xxxxxxxxxxxxxxxxxxx>]

On Wed, 30 Jun 1999, Sharad Joshi wrote:

> Hi,
> 
> Let user A use ttyp0
> Let user B use ttyq1
> 
> Now B can do this from his terminal:  cat < /dev/ttyp0 > /dev/null&
> And thus, A will be locked for ever. Moreover, he can not just find out
> what is happening. Nor can he log out. Also, the ps listing shows just
> "cat" for the user B and thus no one can know what is happening to the
> terminal ttyp0. User A is on the mercy of B.
> 
> Isn't this serious? Is there any way to find out who is reading a
> terminal. And how to overcome the above problem.

No, you are probably new to unix security aspects. User B can never read
from User A's terminal until he(or she) has the permissions for the file
/dev/ttyNN where NN is the terminal number (not for RH 6.0 which uses new
type terminal names /dev/pts/??). A typical entry in /dev looks like:

crw--w----   1 User_A       tty        4,   4 Aug 28 21:12 /dev/tty4

See that the group tty has write access to the tty, but not read access.
This write access has only been given because of the various commands like
"write" and "wall" (which are setgid to "tty"). 

What may be happening in your case is that user B may be root, in which
case it has read permission for any file, or that user B is the same as
user A, in which case it can access the file.

Don't worry, the problem you are asking has been taken care of right form
the time UNIX was designed. 

Regards,
Lokesh Setia.


 > > Sharad.
> 
> 
> --------------------------------------------------------------------
> For more information on Linux in India visit http://www.linux-india.org/
> 


- --------------------------------------------------------------------
For more information on Linux in India visit http://www.linux-india.org/

------------------------------