From owner-freebsd-security Wed May 14 11:37:04 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id LAA26527 for security-outgoing; Wed, 14 May 1997 11:37:04 -0700 (PDT) Received: from obiwan.TerraNova.net (root@obiwan.TerraNova.net [205.152.26.129]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA26522 for ; Wed, 14 May 1997 11:37:00 -0700 (PDT) Received: from P1mpBSD (coolholio@P1mpBSD.TerraNova.net [205.152.26.130]) by obiwan.TerraNova.net (8.8.5/TerraNovaNet) with SMTP id OAA25665; Wed, 14 May 1997 14:00:42 -0400 (EDT) Message-ID: <3379FE38.4F0@TerraNova.net> Date: Wed, 14 May 1997 14:02:32 -0400 From: Travis Mikalson Reply-To: bofh@terranova.net Organization: TerraNovaNet X-Mailer: Mozilla 3.01 (WinNT; I) MIME-Version: 1.0 To: Jonathan Mini CC: security@FreeBSD.ORG Subject: Re: /usr/sbin/wall is suid root. References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Jonathan Mini wrote: > > Personally, I think that being able to transmit an abatrary string of > characters to every user's console on the system is a bit of a security > hole. ANSI keyboard reassignments come to mind. On my system, running 2.2-STABLE, /usr/bin/wall is setgid tty.. -r-xr-sr-x 1 bin tty 12288 Apr 16 06:05 /usr/bin/wall What version are you running where wall is in /usr/sbin and is setuid root? Travis -- -=--==--===---====----======------=======------- TerraNovaNet Internet Services - Key Largo, FL Voice: (305)453-4011 Fax: (305)451-5991 http://www.TerraNova.net -------=======------======----====---===--==--=- Always remember that you are unique. Just like everyone else.