[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1545: write' can't write to telnet logins

On Wed, 4 Oct 95 15:06 BST, iwj10@cus.cam.ac.uk (Ian Jackson) wrote:

>Package: bsdutils? netstd?
>Version: bsdutils 1.3-1, netstd 1.17-1
>Are `mesg y' terminals on Debian supposed to be g+w, or go+w ?

They are g+w.

>telnetd (from netbase) and mesg (from bsdutils) seem to thing g+w
>ought to be sufficient; however, write (also from bsdutils) seems to
>require go+w (though `richard', who was writing to me in another
>window at the time of the transcript below, didn't report that it
>complained about his terminal being `mesg n').
>Making write setgid tty may solve the problem, but such a decision
>should only be taken after examining the code to make sure it's not a
>security problem.

write(1) had a number of bugs, most serious of which was attempting to
write to terminals listed as dead in utmp.

Making write(1) setgid tty is the right thing to do: I have carefully
checked the source for possible holes, and have assured myself that
there are none.

I am closing this bug - it is fixed in bsdutils-1.4-1

As an aside, can I remind people that although I am fixing bugs in
bsdutils, there still remains the problem with xterm's setting the
permissions on /dev/tty<whatever> to 622, owned <user>.<user> I have
spoken to the new X11 maintainer, and its on his bug list.


Reply to: