Hi Darren, On Mon, Oct 04, 2004 at 04:15:07PM -0700, Darren Pilgrim wrote: > > FreeBSD-SA-04:15.syscons > <...> > > IV. Workaround > > > > There is no known workaround. However, this bug is only exploitable > > by users who have access to the physical console or can otherwise open > > a /dev/ttyv* device node. > > Is there anything in the base system that, by design or flaw, can be used by > a non-root user to open a ttyv device? Any user can open a ttyv device that she owns. But if you mean, "can be used by a non-root user to open a ttyv device not owned by that user?" : None of which I'm aware. > Is the tty snoop device vulnerable by proxy? No, it is not. The snp device does not "forward" ioctls. Cheers, -- Jacques A Vidrine / NTT/Verio nectar@celabo.org / jvidrine@verio.net / nectar@FreeBSD.org _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"