[comp.os.vms] PTY driver fix

sloane@UKANVAX.BITNET (Bob Sloane) (05/27/88)

Tony Cook writes:

>DEC's recent SECURITY UPDATE V2 patch has broken the CMU/Hughes
>PTY pseudo terminal driver. The patch to TTDRIVER.EXE has changed the default
>device protection for cloned devices (e.g VTAn virtual terminals). Thus
>the pseudo terminal device TPAn: receives the totally useless device protection
>of [S:WRLP O: G: W:]. It used to be [S:WRLP O:WRLP G:WRLP W:WRLP].

I tried the change to the TP driver, and it fixes the PHOTO problem. Now I
am wondering if I am open to security problems if I put this patch in.
DEC seems to have put in a patch that specifically changes the behavior
of this interface. I can't help but wonder: if a user gets a PTY device with
full protections, can that be used to violate system security? Someone
mentioned Trojan Horse programs in talking about this patch. Does anyone
out there know why the protections were changed? If so, am I leaving my
system wide open?  I don't need to know the details of the problem, but
a simple yes or no answer would help greatly.

Also, do any of the VMS guru's know if the PTY driver code will stop working
under VMS 5.0?  If so, is anyone planning on fixing it?  I don't want to
keep putting PHOTO up and then taking it down.  Thanks for any help anyone
can give me.

                      Bob Sloane
                      University of Kansas
                      Computer Center
                      (913) 864-0444
                      SLOANE@UKANVAX.BITNET
                      SLOANE@KUHUB.CC.UKANS.EDU

SLOANE%UKANVAX.BITNET%CUNYVM.CUNY.EDU%KL.SRI.COM%lbl%sfsu1.hepnet@LBL.GOV (05/28/88)

Received: from KL.SRI.COM by LBL.Gov with INTERNET ;
          Fri, 27 May 88 01:16:24 PDT
Received: from CUNYVM.CUNY.EDU by KL.SRI.COM with TCP; Wed 25 May 88 09:57:19-PDT
Received: from UKANVAX.BITNET by CUNYVM.CUNY.EDU (IBM VM SMTP R1.1) with BSMTP id 4716; Wed, 25 May 88 12:22:08 EDT
Date:     Wed, 25 May 1988 10:32:11.38 CDT
From:     <sloane%UKANVAX.BITNET@CUNYVM.CUNY.EDU> (Bob Sloane)
Subject:  RE: PTY driver fix
To:       <info-vax@kl.sri.com>
 
Tony Cook writes:
 
>DEC's recent SECURITY UPDATE V2 patch has broken the CMU/Hughes
>PTY pseudo terminal driver. The patch to TTDRIVER.EXE has changed the default
>device protection for cloned devices (e.g VTAn virtual terminals). Thus
>the pseudo terminal device TPAn: receives the totally useless device protection
>of [S:WRLP O: G: W:]. It used to be [S:WRLP O:WRLP G:WRLP W:WRLP].
 
I tried the change to the TP driver, and it fixes the PHOTO problem. Now I
am wondering if I am open to security problems if I put this patch in.
DEC seems to have put in a patch that specifically changes the behavior
of this interface. I can't help but wonder: if a user gets a PTY device with
full protections, can that be used to violate system security? Someone
mentioned Trojan Horse programs in talking about this patch. Does anyone
out there know why the protections were changed? If so, am I leaving my
system wide open?  I don't need to know the details of the problem, but
a simple yes or no answer would help greatly.
 
Also, do any of the VMS guru's know if the PTY driver code will stop working
under VMS 5.0?  If so, is anyone planning on fixing it?  I don't want to
keep putting PHOTO up and then taking it down.  Thanks for any help anyone
can give me.
 
                      ob Sloane
                      University of Kansas
                      Computer Center
                      (913) 864-0444
                      SLOANE@UKANVAX.BITNET
                      SLOANE@KUHUB.CC.UKANS.EDU