From owner-freebsd-security Wed May 14 16:16:45 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id QAA12299 for security-outgoing; Wed, 14 May 1997 16:16:45 -0700 (PDT) Received: from panda.hilink.com.au (panda.hilink.com.au [203.2.144.5]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id QAA12284 for ; Wed, 14 May 1997 16:16:37 -0700 (PDT) Received: (from danny@localhost) by panda.hilink.com.au (8.8.5/8.8.5) id JAA14181; Thu, 15 May 1997 09:21:22 +1000 (EST) Date: Thu, 15 May 1997 09:21:22 +1000 (EST) From: "Daniel O'Callaghan" To: Travis Mikalson cc: Jonathan Mini , security@FreeBSD.ORG Subject: Re: /usr/sbin/wall is suid root. In-Reply-To: <3379FE38.4F0@TerraNova.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Wed, 14 May 1997, Travis Mikalson wrote: > Jonathan Mini wrote: > > > > Personally, I think that being able to transmit an abatrary string of > > characters to every user's console on the system is a bit of a security > > hole. ANSI keyboard reassignments come to mind. > > On my system, running 2.2-STABLE, /usr/bin/wall is setgid tty.. > -r-xr-sr-x 1 bin tty 12288 Apr 16 06:05 /usr/bin/wall > > What version are you running where wall is in /usr/sbin and is setuid > root? Additionally, if you care to read the wall sources, you will find that wall won't print non-printable characters, and so can't send escape sequences. Danny