Date: Thu, 15 May 1997 09:21:22 +1000 (EST) From: "Daniel O'Callaghan" <danny@panda.hilink.com.au> To: Travis Mikalson <bofh@terranova.net> Cc: Jonathan Mini <j_mini@efn.org>, security@FreeBSD.ORG Subject: Re: /usr/sbin/wall is suid root. Message-ID: <Pine.BSF.3.91.970515091326.3567F-100000@panda.hilink.com.au> In-Reply-To: <3379FE38.4F0@TerraNova.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 14 May 1997, Travis Mikalson wrote: > Jonathan Mini wrote: > > > > Personally, I think that being able to transmit an abatrary string of > > characters to every user's console on the system is a bit of a security > > hole. ANSI keyboard reassignments come to mind. > > On my system, running 2.2-STABLE, /usr/bin/wall is setgid tty.. > -r-xr-sr-x 1 bin tty 12288 Apr 16 06:05 /usr/bin/wall > > What version are you running where wall is in /usr/sbin and is setuid > root? Additionally, if you care to read the wall sources, you will find that wall won't print non-printable characters, and so can't send escape sequences. Danny
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.970515091326.3567F-100000>