Re: wu-ftpd-2.4.2b18-2.1 now in security/RPMS for AutoRPM use

Constance Sieh (csieh@fnal.gov)
Wed, 10 Feb 1999 13:33:35 -0600 (CST)

Stephen,

The security hole that this program has is that it has to open
/dev/tty's files in order to talk to the serial ports. It has a
bug that leaves the permissions wrong when it is done. So in order
to exploit this hole, one has to have access to a shell (logged in).

Minicom is a program that lets you talk to a serial port/modem. It
is similar in function to cu or tip but it has a better terminal
emulation environment. I suspect most of you will not use this in
today's world of TCP/IP.

I suspect that it is installed but not used. The default Fermi install
does install it.

To see if you have it, do: rpm -q minicom

The command should come back with a version if it is installed.

To remove: rpm -e minicom

If one were to disable it then anyone who wanted to use it would
not be able to. It is normally started by a person running it
via a shell.

-Connie Sieh

>
> > other things break. So we have not placed any newer version of minicom
> > in the security/RPMS area until RedHat gives us a working version for
> > 5.0. So at the moment either remove minicom or disable it.
>
> For those of us less familiar with these things, could you please
> * clarify what minicom does,
> * tell us how to check if it is running/installed/etc.,
> * specify how to remove or disable it if necessary,
> * explain what the effects of disabling/removing it would be?
> (e.g. what would stop working?)
>
> Thanks.
>
> Stephen