[wplug] re: seyon/minicom
Luquilla Hughes
luquilla at hotmail.com
Fri Jan 19 13:45:05 EST 2001
My understaning of the situation:
That is the right answer. or you could move the modem to its own group and
only allow people you want to have access to the modem to the group.
You may harm important files that belong to the uucp group if the file
permissons allow it. because juan now has control of everything of the
group.
Minicom seems to operate with the setuid, and everything I have read
indicates that there is a security hole in Setuid and if at all possible you
should avoid it. I am not sure if you could really clasify it as "unsafe". I
hope that a security guru will chime in with the correct answer.
>From: Juan Zuluaga <jz31416 at yahoo.com>
>Reply-To: wplug at wplug.org
>To: wplug at wplug.org
>Subject: [wplug] re: seyon/minicom
>Date: Thu, 18 Jan 2001 22:40:55 -0800 (PST)
>
>I think I found a solution, but I want to ask how
>correct it is:
>As Celine said, looking at the file permissions:
>crw-rw---- 1 root tty 4, 65 Jan 4 22:32
>/dev/ttyS1
>lrwxrwxrwx 1 root uucp 4 Oct 27 1998
>/dev/modem -> cua1
>crw-rw---- 1 root uucp 5, 65 Jan 19 01:43
>/dev/cua1
>And the user "juan" (me) does not belong to the uucp
>or the tty groups. Then, I wrote
>uucp::14:uucp,juan in /etc/group
>and now I am happily using my Seyon.
>BUt, is it the right answer? What I am allowing "juan"
>to do? May I harm important files now?
>And does it mean that Minicom is an unsafe program?
>
>__________________________________________________
>Do You Yahoo!?
>Get email at your own domain with Yahoo! Mail.
>http://personal.mail.yahoo.com/
>_______________________________________________
>wplug mailing list
>wplug at wplug.org
>http://www.wplug.org/mailman/listinfo/wplug
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
More information about the wplug
mailing list