[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1545: `write' can't write to telnet logins

Package: bsdutils? netstd?
Version: bsdutils 1.3-1, netstd 1.17-1

Are `mesg y' terminals on Debian supposed to be g+w, or go+w ?

telnetd (from netbase) and mesg (from bsdutils) seem to thing g+w
ought to be sufficient; however, write (also from bsdutils) seems to
require go+w (though `richard', who was writing to me in another
window at the time of the transcript below, didn't report that it
complained about his terminal being `mesg n').

Making write setgid tty may solve the problem, but such a decision
should only be taken after examining the code to make sure it's not a
security problem.


[ Running in an xterm ... ]
chiark:~> finger
Login    Name                 Tty  Idle  Login Time   Office     Office Phone
iwj10    Ian Jackson - unpriv  p4        Oct  4 12:47 (ealingbroadway.c)
iwj10    Ian Jackson - unpriv  p3  1:03  Oct  4 12:49 (ealingbroadway.c)
iwj10    Ian Jackson - unpriv  p5        Oct  4 12:50 (ealingbroadway.c)
iwj10    Ian Jackson - unpriv  p6  1:05  Oct  4 12:53 (ealingbroadway.c)
richard  Richard Kettlewell   *p0        Oct  4 10:05 (muskogee.elmail.)
richard  Richard Kettlewell    p7        Oct  4 12:59 (muskogee.elmail.)
chiark:~> write richard
write: /dev/ttyp7: Permission denied
chiark:~> ll /dev/ttyp7
crw--w----   1 richard  tty        4, 199 Oct  4 14:55 /dev/ttyp7
chiark:~> ls -al /usr/bin/write
-rwxr-xr-x   1 root     root        12292 Jun 22 20:25 /usr/bin/write*
chiark:~> ytalk richard
chiark:~> ytalk -x richard
chiark:~> grep mesg /etc/profile
mesg y
chiark:~> tty
chiark:~> id
uid=1001(iwj10) gid=1001(iwj10) groups=1001(iwj10)
chiark:~> ll /dev/ttyp5
crw--w--w-   1 iwj10    iwj10      4, 197 Oct  4 15:01 /dev/ttyp5

Connected to chiark.chu.cam.ac.uk.
Escape character is '^]'.
Debian GNU/Linux 0.93
Copyright (C) 1994, 1995 Debian Association, Inc. and others

chiark login: iwj10
Last login: Wed Oct  4 12:31:00 on ttyc2
Copyright (C) 1994, 1995 Debian Association, Inc. and others

Linux chiark 1.2.13 #2 Sat Sep 30 11:40:37 BST 1995 i486

Unauthorised access prohibited; if you do not know that you are authorised
then you are not.  See /info/rules.text for the rules for the use of
chiark, and /info/chiark.text for information about the system.

Recent items in /info/new - see the file for full details:
1)  Problem with trn hanging believed fixed.  (3.10.1995)
2)  Default terminal message status is now `y'.  (3.10.1995)
3)  trn `l' (list groups) command should now work.  (3.10.1995)

  3:01pm  up 4 days,  2:56,  8 users,  load average: 0.48, 0.26, 0.09
chiark:~> tty
chiark:~> ll /dev/ttyp1
crw--w----   1 iwj10    tty        4, 193 Oct  4 15:01 /dev/ttyp1
chiark:~> exit
Connection closed by foreign host.

Reply to: