Re: Bug#25847: general: Several security questions
On Mon, 9 Jul 2001, Colin Watson wrote:
> On Mon, 17 Aug 1998 at 19:48:10 +0200, Patrik Rak wrote:
>
> [snip]
>
> > Is it ok that currently unused (i.e., no one logged on at the moment, and
> > getty is waiting there) /dev/tty1-6 are chgrp dialout and chmod 0660? I
> > thought that dialout is for accessing the modem lines, i.e.,
> > /dev/ttyS0-4, and I would expect chgrp tty on tty1-6.
>
> They're root:root mode 0600 on my system, but I'm running mingettys.
> Anybody?
>
root:tty, 0666 on my three systems. one potato, one woody, one sid
w/devfs. should probably be 0660.
> > Is it ok that anybody can write anything to any
> > other tty (/dev/tty7-63) (fake log messages on /dev/tty8 come in mind) ?
>
> If you use a tty for logging, you should probably restrict its
> permissions ... your changes should be preserved.
>
> > Is there some deep purpose for vcs0-6 and vcsa0-6 (i.e., the used ones)
> > being chgrp sys while others vcs's and vcsa's are chgrp root?
>
> MAKEDEV creates them all root:root mode 0600 now (at least looking at my
> recently installed laptop).
>
/dev/vcs? & /dev/vcsa? files are root:root, 0600 on all my systems.
Reply to: