On Fri, Apr 23, 2004 at 04:03:06PM -0700, Debian Bug Tracking System wrote:
> * change default permission on tty devices from 0666 to 0660, which makes
> denial of service attacks on the console by local users harder,
> closes: #244751
0660 probably is too much; 0620 would be probably more appropriate.
Would any of your devel people have problems with /dev/tty[0-9]* being
not group readable?
Please do CC me, I'm not subscribed to debian-devel.
Cheers,
Jan.
Supportive evidence:
Judging by the example of ptys:
% ls -l /dev/pts/
total 0
cr-------- 1 jan tty 136,  1 Apr 24 16:36 1
crw--w---- 1 jan tty 136, 11 Apr 24 16:31 11
crw--w---- 1 jan tty 136,  2 Apr 24 14:43 2
crw--w---- 1 jan tty 136,  3 Apr 24 16:11 3
crw--w---- 1 jan tty 136,  7 Apr 24 16:36 7
    ^^^
Now the only programs I have here which are sgid tty are these 2:
-rwxr-sr-x 1 root tty 9736 Dec 24 2002 /usr/bin/wall
-rwxr-sr-x 1 root tty 7540 Jul 4 2002 /usr/bin/write
..And I know of one other one: talkd. These wouldn't use read
permissions, afaik.
--
"To me, clowns aren't funny. In fact, they're kind of scary. I've wondered
where this started and I think it goes back to the time I went to the circus,
and a clown killed my dad."
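
The comparison in the message above (0666 vs. 0660 vs. 0620 on /dev/tty[0-9]*), as an added example that is not part of the original mail: a small audit that reports which permission bits on a tty node go beyond owner read/write plus group write. The function names and finding labels are assumptions made for this illustration.

```python
import glob
import os
import stat


def audit_mode(mode):
    """Return the findings for a tty permission mode, measured against 0620."""
    perm = stat.S_IMODE(mode)
    findings = []
    if perm & stat.S_IROTH:
        findings.append("world-readable")
    if perm & stat.S_IWOTH:
        findings.append("world-writable")
    if perm & stat.S_IRGRP:
        # The bit that separates 0660 from 0620: sgid-tty helpers such as
        # write and wall only write to the device, they do not read it.
        findings.append("group-readable")
    if not perm & stat.S_IWGRP:
        # Informational: matches the cr-------- pty in the listing above.
        findings.append("group-write-off")
    return findings


def audit_devices(pattern="/dev/tty[0-9]*"):
    """Audit character devices matching pattern; returns {path: findings}."""
    report = {}
    for path in sorted(glob.glob(pattern)):
        st = os.stat(path)
        if stat.S_ISCHR(st.st_mode):
            findings = audit_mode(st.st_mode)
            if findings:
                report[path] = findings
    return report


if __name__ == "__main__":
    # The three modes discussed in the thread (old default, changed default,
    # suggested value).
    for m in (0o666, 0o660, 0o620):
        print(oct(m), audit_mode(m) or "ok")
    # Then whatever console ttys exist on this machine, if any.
    for path, findings in audit_devices().items():
        print(path, ", ".join(findings))
```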