[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
kde security hole on OpenBSD?
- To: ports_(_at_)_openbsd_(_dot_)_org
- Subject: kde security hole on OpenBSD?
- From: Dave Feustel <dfeustel_(_at_)_mindspring_(_dot_)_com>
- Date: Mon, 19 Dec 2005 06:59:13 -0500
The permissions of pty's used by kde konsole sessions on OpenBSD never
are properly set for the user to which they are allocated. The permissions of the
pty used by a kde konsole session remain owned by root and globally rw.
This is because the call from konsole to kgrantpty to allocate the pty and to
set the pty ownership and permissions does not seem to connect with OpenBSD's
PTMGET command (man 4 pty) which does these tasks in OpenBSD.
You can see this after starting a few kde konsole sessions by using 'ls -l'
to inspect /dev/ptys[0-9]. The output of the ls command will show the time
that the pty was allocated to the kde konsole session, the global rw permissions,
and root ownership.
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"