
Bug#1545: `write' can't write to telnet logins



On Wed, 4 Oct 95 15:06 BST, iwj10@cus.cam.ac.uk (Ian Jackson) wrote:

>Package: bsdutils? netstd?
>Version: bsdutils 1.3-1, netstd 1.17-1
>
>Are `mesg y' terminals on Debian supposed to be g+w, or go+w ?

They are g+w.

>telnetd (from netbase) and mesg (from bsdutils) seem to think g+w
>ought to be sufficient; however, write (also from bsdutils) seems to
>require go+w (though `richard', who was writing to me in another
>window at the time of the transcript below, didn't report that it
>complained about his terminal being `mesg n').
>
>Making write setgid tty may solve the problem, but such a decision
>should only be taken after examining the code to make sure it's not a
>security problem.

write(1) had a number of bugs, most serious of which was attempting to
write to terminals listed as dead in utmp.

Making write(1) setgid tty is the right thing to do: I have carefully
checked the source for possible holes, and have assured myself that
there are none.


I am closing this bug - it is fixed in bsdutils-1.4-1


As an aside, can I remind people that although I am fixing bugs in
bsdutils, there still remains the problem with xterm's setting the
permissions on /dev/tty<whatever> to 622, owned <user>.<user>. I have
spoken to the new X11 maintainer, and it's on his bug list.


Austin
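
The permission cases discussed in this thread (g+w with group tty, the world-writable 622 mode owned <user>.<user>, and a setgid-tty write), as an added audit example that is not part of the original message or of bsdutils. The group name `tty`, the `/dev/pts` directory and the `/usr/bin/write` path are assumptions about the local system.

```python
import grp
import os
import stat
import sys

def classify_tty(mode, gid, tty_gid):
    """Classify a terminal device from its permission bits and group owner."""
    if mode & stat.S_IWOTH:
        return "world-writable"   # e.g. 622: every local user can write to it
    if mode & stat.S_IWGRP:
        # g+w only serves a setgid-tty write(1) if the group really is tty
        return "mesg-y" if gid == tty_gid else "group-writable-not-tty"
    return "mesg-n"

def is_setgid_to(mode, gid, wanted_gid):
    """True if a regular file is setgid and group-owned by wanted_gid."""
    return stat.S_ISREG(mode) and bool(mode & stat.S_ISGID) and gid == wanted_gid

def audit(dev_dir, tty_gid):
    """Return (path, verdict) for each character device under dev_dir."""
    results = []
    for name in sorted(os.listdir(dev_dir)):
        path = os.path.join(dev_dir, name)
        try:
            st = os.stat(path)
        except OSError:
            continue              # entry vanished or is unreadable; skip it
        if stat.S_ISCHR(st.st_mode):
            results.append((path, classify_tty(st.st_mode, st.st_gid, tty_gid)))
    return results

if __name__ == "__main__":
    tty_gid = grp.getgrnam("tty").gr_gid   # assumes a group named "tty"
    # Assumed location of write(1); pass another path as the first argument.
    write_path = sys.argv[1] if len(sys.argv) > 1 else "/usr/bin/write"
    st = os.stat(write_path)
    print(write_path, "setgid tty:", is_setgid_to(st.st_mode, st.st_gid, tty_gid))
    for path, verdict in audit("/dev/pts", tty_gid):
        print(path, verdict)
```

Terminals reported as `world-writable` or `group-writable-not-tty` are the ones a setgid-tty write does not need or cannot use, which is the xterm case described in the message.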

