[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

kde security hole on OpenBSD?



The permissions of pty's used by kde konsole sessions on OpenBSD never
are properly set for the user to which they are allocated. The permissions of the
pty used by a kde konsole session remain owned by root and globally rw. 
This is because the call from konsole to kgrantpty to allocate the pty and to 
set the pty ownership and permissions does not seem to connect with OpenBSD's 
PTMGET command (man 4 pty) which does these tasks in OpenBSD.

You can see this after starting a few kde konsole sessions by using 'ls -l' 
to inspect /dev/ptys[0-9]. The output of the ls command will show the time 
that the pty was allocated to the kde konsole session, the global rw permissions,
and root ownership.

Dave Feustel.
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"