Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 30 Jan 1999 15:29:05 -0800 (PST)
From:      cpiazza@home.net
To:        FreeBSD-gnats-submit@FreeBSD.ORG
Subject:   docs/9822: Missing word from security(7) man page 
Message-ID:  <199901302329.PAA18102@norn.ca.eu.org>
next in thread | raw e-mail | index | archive | help 

>Number:         9822
>Category:       docs
>Synopsis:       security(7) man page is missing a word
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-doc
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jan 30 15:30:01 PST 1999
>Closed-Date:
>Last-Modified:
>Originator:     Chris Piazza
>Release:        FreeBSD 4.0-CURRENT i386
>Organization:
n/a 
>Environment:

	FreeBSD

>Description:

	The security(7) man page reads (under the securiing root - root run
	servers and suid/sgid binaries):
	 If an intruder can break an sgid-kmem binary the intruder might be able
         to read /dev/kmem and thus read the crypted password file, potentially
         compromising any passworded account.  An intruder that breaks the tty
         group can write to almost user's tty.
	 
	Obviously this should be ``can write to almost any user's tty.''
	(or similar)

>How-To-Repeat:

	man 7 security

>Fix:
	
--- security.7.orig     Sat Jan 30 15:27:47 1999
+++ security.7  Sat Jan 30 15:28:02 1999
@@ -206,7 +206,7 @@
 can be almost as dangerous.  If an intruder can break an sgid-kmem binary the
 intruder might be able to read /dev/kmem and thus read the crypted password
 file, potentially compromising any passworded account.  An intruder that breaks
-the tty group can write to almost user's tty.  If a user is running a terminal
+the tty group can write to almost any user's tty.  If a user is running a terminal
 program or emulator with a talk-back feature, the intruder can potentially 
 generate a data stream that causes the user's terminal to echo a command, which
 is then run as that user.

-Chris
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-doc" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199901302329.PAA18102>