
/dev/tty[0-9]* should be chmod 0620, not 0660 -- or not? [Was: Bug#244751 acknowledged by developer (Bug#244751: fixed in makedev 2.3.1-67)]



On Fri, Apr 23, 2004 at 04:03:06PM -0700, Debian Bug Tracking System wrote:
>    * change default permission on tty devices from 0666 to 0660, which makes
>      denial of service attacks on the console by local users harder,
>      closes: #244751

0660 probably is too much; 0620 would be probably more appropriate.
Would any of your devel people have problems with /dev/tty[0-9]* being
not group readable?

Please do CC me, I'm not subscribed to debian-devel.

Cheers,
Jan.


Supportive evidence:

Judging by the example of ptys:

% ls -l /dev/pts/
total 0
cr--------    1 jan      tty      136,   1 Apr 24 16:36 1
crw--w----    1 jan      tty      136,  11 Apr 24 16:31 11
crw--w----    1 jan      tty      136,   2 Apr 24 14:43 2
crw--w----    1 jan      tty      136,   3 Apr 24 16:11 3
crw--w----    1 jan      tty      136,   7 Apr 24 16:36 7
    ^^^

Now the only programs I have here which are sgid tty are these 2:

-rwxr-sr-x    1 root     tty          9736 Dec 24  2002 /usr/bin/wall
-rwxr-sr-x    1 root     tty          7540 Jul  4  2002 /usr/bin/write

..And I know of one other one: talkd. These wouldn't use read
permissions, afaik.

-- 
   "To me, clowns aren't funny. In fact, they're kind of scary. I've wondered
 where this started and I think it goes back to the time I went to the circus,
			  and a clown killed my dad."
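
The permission comparison argued in the message above (0666 vs. 0660 vs. 0620 on `/dev/tty[0-9]*`), as an added example that is not part of the original post. The function names are hypothetical, and GNU `stat` is assumed:

```shell
#!/bin/sh
# Added example: audit tty-style nodes against the 0620 layout (owner rw,
# group write-only) that the message argues for. Function names are
# hypothetical; GNU stat(1) is assumed.

# classify_mode OCTAL_MODE -> prints one verdict word
classify_mode() {
    perm=$(( 0$1 & 0777 ))            # drop setuid/setgid/sticky bits
    if [ $(( perm & 0007 )) -ne 0 ]; then
        echo world-accessible         # e.g. the old 0666 default
    elif [ $(( perm & 0040 )) -ne 0 ]; then
        echo group-readable           # e.g. 0660: group may read as well as write
    else
        echo ok                       # e.g. 0620, or 0400 as in the pts listing
    fi
}

# audit_ttys [DIR] -> one "verdict mode path" line per DIR/tty[0-9]* entry
audit_ttys() {
    dir=${1:-/dev}
    for node in "$dir"/tty[0-9]*; do
        [ -e "$node" ] || continue    # glob matched nothing
        mode=$(stat -c '%a' "$node")  # octal permission bits
        echo "$(classify_mode "$mode") $mode $node"
    done
}

# count_findings [DIR] -> number of entries whose verdict is not "ok"
count_findings() {
    audit_ttys "$1" | grep -vc '^ok ' || true   # grep exits 1 on a zero count
}

# Stand-alone use: audit the directory given as $1, or /dev by default.
audit_ttys "$@"
```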
