stanonik@nprdc.navy.mil (10/27/89)
We're running sunos 4.0.1 on sun3's and sun386's. Probably this isn't news, but we just realized that if you can rsh to another sun, then you can view the screen with "rsh host screendump | screenload". Might need a rasfilter8to1 if the victim has color and you don't.

This seems as if it has the potential for being a problem; i.e., snatching glimpses of other folks' consoles. Maybe it's no worse than just wandering into their office for a look.

I'm surprised init (sunview?) doesn't chown /dev/fb(?) to the person logged at the console and then chmod 600, similar to how tty's are handled.

Ron Stanonik
stanonik@nprdc.navy.mil

schwartz@psuvax1.cs.psu.edu (Scott Schwartz) (11/11/89)
In article <2812@brazos.Rice.edu> stanonik@nprdc.navy.mil writes:
| I'm surprised init (sunview?) doesn't chown /dev/fb(?) to the person
| logged at the console and then chmod 600, similar to how tty's are
| handled.

Sunview does pseudo ttys wrong too. X does tty's correctly, but xterm needs to be suid root. Sunview should do the same. Same comments apply to /etc/utmp. (World writable? Give us a break!)

As for /dev/fb, you need to make suntools suid if you want that to work. Sun should have done something, rather than just punt.

I agree. The right fix is a general purpose device allocator. Various designs have been proposed at various times on comp.unix.wizards.

Scott Schwartz <schwartz@shire.cs.psu.edu>
"More mips; cheaper mips; never too many." -- John Mashey

white@cs.unc.edu (Brian T. White) (11/27/89)
We noted this problem a while back, and we made a program called "suntools.sec" that chown's /dev/fb to the login of the person who invoked suntools, chmod's /dev/fb to 640, and chgrps /dev/fb to "games" so that suid games programs (e.g., backgammon) will work.

The only problem we have noticed with this is the need to reset the permissions on /dev/fb if the machine is aborted. (This has only happened a couple of times; if it became a problem, the permission reset could certainly be done via /etc/rc.local.)

Ed's Note: Placed in archives

FTP:
Hostname : titan.rice.edu (128.42.1.30)
Directory: sun-source
Filename : sectools.c

Archive Server Address: archive-server@rice.edu
Archive Server Command: send sun-source sectools.c
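
The permission change discussed in this thread, as an added C example; it is not sectools.c from the archive or any poster's code. The function names are hypothetical, and it assumes a POSIX system where the caller is allowed to chown the node (root for a real device, the owner for a scratch file).

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if "other" can read or write the node, 0 if not, -1 if stat fails. */
int world_accessible(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return (st.st_mode & (S_IROTH | S_IWOTH)) ? 1 : 0;
}

/* Hand the node to one user: set owner, group and mode, then confirm the
 * result. Uses one open descriptor so every call hits the same inode. */
int assign_to_user(const char *path, uid_t uid, gid_t gid, mode_t mode)
{
    struct stat st;
    int rc = -1;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (fchown(fd, uid, gid) == 0 && fchmod(fd, mode) == 0 &&
        fstat(fd, &st) == 0 && st.st_uid == uid && st.st_gid == gid &&
        (st.st_mode & 07777) == mode)
        rc = 0;
    close(fd);
    return rc;
}

/* Usage: ./fbperm <node>   (path is supplied by the caller; run on a
 * scratch file to try it without privileges) */
int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <node>\n", argv[0]);
        return 2;
    }
    printf("before: world_accessible=%d\n", world_accessible(argv[1]));
    /* 0640 as in the thread: owner read/write, group read, others nothing */
    if (assign_to_user(argv[1], getuid(), getgid(), 0640) != 0) {
        perror("assign_to_user");
        return 1;
    }
    printf("after:  world_accessible=%d\n", world_accessible(argv[1]));
    return 0;
}
```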