mknod or ln (was /dev/syscon)

Thad P Floryan thad at cup.portal.com
Wed Jan 9 11:36:35 AEST 1991


dt at yenta.alb.nm.us (David B. Thomas) in <1991Jan8.085610.312 at yenta.alb.nm.us>
writes:

	Here's one for you hardcores out there.  In the book "Managing UUCP
	and USENET" (O'Reilly and Assoc.), they suggest always doing a mknod
	rather than just linking, when associating, say, /dev/modem with
	/dev/tty000.  The reason?

	In a mysterious little footnote, they claim that just linking it can
	lead to a security hole.  That's all they say.

	Hmmm....Fermat's last unix security assessment.  Comments?

Their comment "probably" concerns "ownership" transfer when the device is
assigned to you.  Do an "ls -l" on your /dev directory and you'll note that
the tty, pty or window that YOU'RE on has your name and group whereas all the
other "unattached" ones are probably still "root; users" or "root; sys".

It's not clear to me how this would be a major problem as would, for example,
recent discussions in comp.unix.admin concerning clowns who "ln /bin/vi" to a
file in their directory whose ownership is changed nightly by "certain" admin
programs at sites which "chown" all files in a user's directory to that user
for accounting purposes ... once one is made the owner of, say, /bin/vi, one
could easily slip in a Trojan horse.

Thad Floryan [ thad at cup.portal.com (OR) ..!sun!portal!cup.portal.com!thad ]
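
Added example, not part of the original post or of any admin program it mentions: a Python version of the nightly "chown everything in the user's directory" job discussed above that leaves hard-linked files, symlinks and device nodes alone and reports them instead. The function name chown_tree_safely and the skip policy are assumptions made for illustration.

```python
import os
import stat

def chown_tree_safely(home, uid, gid):
    """Give uid:gid ownership of directories and singly linked regular files
    under home. Returns the paths left untouched, for an admin to review."""
    skipped = []
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK
    for root, dirs, files in os.walk(home, followlinks=False):
        for name in dirs + files:
            path = os.path.join(root, name)
            before = os.lstat(path)
            is_dir = stat.S_ISDIR(before.st_mode)
            is_file = stat.S_ISREG(before.st_mode)
            # Symlinks, device nodes, FIFOs and sockets are never re-owned.
            # A regular file with more than one link also has a name somewhere
            # else (for example /bin/vi linked into the home directory).
            if not (is_dir or is_file) or (is_file and before.st_nlink != 1):
                skipped.append(path)
                continue
            try:
                fd = os.open(path, flags)  # O_NOFOLLOW: fail on a swapped-in symlink
            except OSError:
                skipped.append(path)
                continue
            try:
                # Re-check on the open descriptor so the check and the chown
                # apply to the same inode, not just the same path name.
                now = os.fstat(fd)
                same = (now.st_dev, now.st_ino) == (before.st_dev, before.st_ino)
                if same and (is_dir or now.st_nlink == 1):
                    os.fchown(fd, uid, gid)
                else:
                    skipped.append(path)
            finally:
                os.close(fd)
    return sorted(skipped)
```

The returned list is the audit trail: a hard link in a home directory to a file the user does not own is worth an admin's look before any ownership change.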


