
Re: devfsd permissions and makedev permissions coordination



On Sun, Sep 10, 2000 at 09:56:30PM +0200, Marco d'Itri wrote:
> On Sep 10, Tom Lees <tal26@cam.ac.uk> wrote:
> 
>  >Terminal devices [1]				root.tty 0666
> This is obviously wrong, ttys must have 620 permissions (or 600 if you
> don't want people talk(1)ing to you, but I think the default should be
> to allow it).
> It's a huge security hole because with an ioctl you can inject commands
> into shells not owned by you.

For ttys "owned" by a shell that's true, but it's set up by login(1), not
MAKEDEV (or devfsd). For other ttys (vcs, not serial etc.), the current
behaviour of MAKEDEV is to create them root.root 0666. Serial devices are
created root.dialout 0660.

-- 
Tom Lees <tal26@cam.ac.uk> <tom@debian.org> <Tom.Lees@bigfoot.com>
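
An audit of the tty modes discussed in this message, as an added example that is not part of the original e-mail or of MAKEDEV/devfsd: it flags terminals held by a non-root user whose mode goes beyond 0620. The function names, glob patterns and sample entries are assumptions, as is the heuristic that a root-owned node has not been handed to a user by login(1).

```python
import glob
import os
import stat

# Modes named in the thread for a tty that login(1) has handed to a user:
# 0620 (owner rw, group may write, so talk(1) works) or 0600.
ALLOWED_SESSION_BITS = 0o620


def classify_tty(mode, uid):
    """Return a finding for one terminal device given st_mode and st_uid."""
    if not stat.S_ISCHR(mode):
        return "skip: not a character device"
    perms = stat.S_IMODE(mode)
    if uid == 0:
        # Assumption: root-owned means login(1) has not assigned the node to
        # a user, so it still carries the mode MAKEDEV or devfsd created.
        return "root-owned: creation default, mode %04o" % perms
    if perms & stat.S_IWOTH:
        return "FAIL: other-writable session tty, mode %04o" % perms
    if perms & ~ALLOWED_SESSION_BITS:
        return "WARN: bits beyond 0620 set, mode %04o" % perms
    if perms & stat.S_IWGRP:
        return "ok: 0620-style (messages allowed)"
    return "ok: 0600-style (messages off)"


def audit(patterns=("/dev/pts/[0-9]*", "/dev/tty[0-9]*", "/dev/ttyS[0-9]*")):
    """Scan live device nodes (hypothetical patterns); returns {path: finding}."""
    results = {}
    for pattern in patterns:
        for path in glob.glob(pattern):
            st = os.stat(path)
            results[path] = classify_tty(st.st_mode, st.st_uid)
    return results


# Constructed sample entries (not from a real system): path -> (mode, uid).
SAMPLES = {
    "/dev/pts/0": (stat.S_IFCHR | 0o620, 1000),
    "/dev/pts/1": (stat.S_IFCHR | 0o600, 1000),
    "/dev/pts/2": (stat.S_IFCHR | 0o666, 1000),
    "/dev/tty7": (stat.S_IFCHR | 0o666, 0),
}

if __name__ == "__main__":
    for path, (mode, uid) in SAMPLES.items():
        print(path, "->", classify_tty(mode, uid))
```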

