shadow chown(tty) - problem

Dagmar d'Surreal dagmar at speakeasy.net
Tue Sep 3 11:57:46 PDT 2002


On Tue, 2002-09-03 at 00:35, Richard Lightman wrote:
> * Dagmar d'Surreal <dagmar at speakeasy.net> [2002-09-03 06:08]:
> > On Mon, 2002-09-02 at 15:00, Richard Lightman wrote:
> > > 
> > > On a normal system, /dev/vcc/* is not chowned when a user logs in
> > > to prevent things like spy capturing anything. I made spy to test
> > > a new feature in conlogin (kill things like spy so /dev/vcc/*
> > > can be chowned to the user who logs in).
> > 
> > I'm just going to say one more thing about this...
> > 
> > A backhoe.
> > 
> I do not have a particularly agricultural background, so I had to
> do a quick websearch to find out what a backhoe is. I have not found
> any page on the web that explains how a backhoe can be used to change
> the ownership of console devices, take advantage of such changes, or
> work around the lack of such changes.
> 
> Could you explain please?

It's hacker-speak for a program that undermines an admin's attempt to
kill something off.  I suppose it derives from the backhoe's ability to
undermine the network's ability to get packets out of the building in a
manner that no one expects, much like the Spanish Inquisition, but it
could easily be attributed to excesses of alcohol.  ;)

Attempting to kill off a ne'er-do-well's processes is a dangerously
questionable task, since it then typically comes down to a race
condition as to whether the resources can be reclaimed by the evil-doer
before exclusivity can be guaranteed.  This is something better solved
by a more low-level approach of making sure that the user can't directly
obtain these filehandles in a lasting fashion to begin with.  Issues
like this have been around for a _long_ time.  One used to be able to do
this with more or less any arbitrary file descriptor and/or process on a
lot of platforms (root has been obtained many times this way in the
past) by simply nabbing some fds or pids, not _quite_ letting them go,
and then waiting patiently until the pid or fd number rolled over the
maxint and came back around so you could merrily abuse whatever hapless
code now also had use of them.  Evil evil evil evil...

> For people as ignorant as I was:
> http://www.ssbtractor.com/backhoe.jpg

*ROFL*  Good example.  =)

-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-dev' in the subject header of the message
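
Added example, not part of the original message: the remark about descriptors obtained "in a lasting fashion" rests on Unix checking file permissions only at open() time. This C program uses a constructed scratch file in /tmp as a stand-in for a console device and chmod() as a stand-in for the ownership change at login; `struct result` and `run_demo` are hypothetical names.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Outcome of the experiment (hypothetical names, not from the thread). */
struct result {
    int held_fd_reads;    /* 1: descriptor opened before the change still reads */
    int fresh_open_fails; /* 1: a new open() after the change is refused */
};

/* Returns 0 on success, -1 if the scratch file could not be set up. */
int run_demo(struct result *r)
{
    char path[] = "/tmp/fd-demo-XXXXXX"; /* constructed stand-in for a tty */
    char buf[16] = {0};
    int fd = mkstemp(path);              /* created with mode 0600 */
    if (fd < 0) return -1;
    int ok = write(fd, "keystrokes", 10) == 10;
    close(fd);
    /* The earlier session opens the "device" while it is still permitted. */
    int held = ok ? open(path, O_RDONLY) : -1;
    /* Stand-in for the ownership change at login: drop every permission bit. */
    if (held < 0 || chmod(path, 0) != 0) {
        if (held >= 0) close(held);
        unlink(path);
        return -1;
    }
    /* Permissions are checked at open() time, so only a new open is refused. */
    int fresh = open(path, O_RDONLY);
    r->fresh_open_fails = fresh < 0;
    if (fresh >= 0) close(fresh);
    /* The descriptor obtained earlier is unaffected by the change. */
    r->held_fd_reads = read(held, buf, sizeof buf - 1) == 10 &&
                       strcmp(buf, "keystrokes") == 0;
    close(held);
    unlink(path);
    return 0;
}

int main(void)
{
    struct result r;
    if (run_demo(&r) != 0) return 1;
    printf("fresh open refused: %d, held fd reads: %d\n", r.fresh_open_fails, r.held_fd_reads);
    return 0;
}
```

Run as an unprivileged user, the fresh open is refused while the old descriptor still reads. As root the fresh open also succeeds, because root bypasses file permission checks.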


