On Fri, Apr 23, 2004 at 04:03:06PM -0700, Debian Bug Tracking System wrote:
>  * change default permission on tty devices from 0666 to 0660, which makes
>    denial of service attacks on the console by local users harder,
>    closes: #244751

0660 probably is too much; 0620 would be probably more appropriate.

Would any of your devel people have problems with /dev/tty[0-9]* being not
group readable? Please do CC me, I'm not subscribed to debian-devel.

Cheers,
Jan.

Supportive evidence:
Judging by the example of ptys:

% ls -l /dev/pts/
total 0
cr--------    1 jan      tty      136,   1 Apr 24 16:36 1
crw--w----    1 jan      tty      136,  11 Apr 24 16:31 11
crw--w----    1 jan      tty      136,   2 Apr 24 14:43 2
crw--w----    1 jan      tty      136,   3 Apr 24 16:11 3
crw--w----    1 jan      tty      136,   7 Apr 24 16:36 7
    ^^^

Now the only programs I have here which are sgid tty are these 2:

-rwxr-sr-x    1 root     tty          9736 Dec 24  2002 /usr/bin/wall
-rwxr-sr-x    1 root     tty          7540 Jul  4  2002 /usr/bin/write

..And I know of one other one: talkd.
These wouldn't use read permissions, afaik.

-- 
"To me, clowns aren't funny. In fact, they're kind of scary. I've wondered
where this started and I think it goes back to the time I went to the circus,
and a clown killed my dad."
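The 0620 proposal in the message above, turned into a check, as an added example that is not part of the original mail: it reports which permission bits a tty device mode grants beyond 0620. The `POLICY` variable and the function names are assumptions of this example, and `audit_ttys` assumes a `stat` that supports `-c` (GNU coreutils).

```shell
#!/bin/sh
# Added example: flag tty device modes that grant more than 0620.
# POLICY and all function names are assumptions of this example.
POLICY=0620

# Print (in octal) the permission bits in mode $1 that POLICY does not allow.
excess_bits() {
    printf '%o\n' $(( 0$1 & ~$POLICY & 0777 ))
}

# Print "ok" or the names of the excess bits; return 1 when any are set.
describe_excess() {
    bits=$(excess_bits "$1")
    if [ "$bits" = 0 ]; then echo ok; return 0; fi
    out=
    if [ $(( 0$bits & 0100 )) -ne 0 ]; then out="$out owner-exec"; fi
    if [ $(( 0$bits & 0040 )) -ne 0 ]; then out="$out group-read"; fi
    if [ $(( 0$bits & 0010 )) -ne 0 ]; then out="$out group-exec"; fi
    if [ $(( 0$bits & 0007 )) -ne 0 ]; then out="$out other-access"; fi
    echo "${out# }"
    return 1
}

# Check each character device given as an argument; return 1 if any
# of them exceeds POLICY. Paths that are not character devices are skipped.
audit_ttys() {
    rc=0
    for dev in "$@"; do
        [ -c "$dev" ] || continue
        mode=$(stat -c '%a' "$dev") || continue
        if ! verdict=$(describe_excess "$mode"); then
            rc=1
        fi
        printf '%s %s %s\n' "$dev" "$mode" "$verdict"
    done
    return $rc
}

# Constructed sample: the three modes discussed in the thread.
for m in 0666 0660 0620; do
    printf '%s: %s\n' "$m" "$(describe_excess "$m" || true)"
done
# On a live system: audit_ttys /dev/tty[0-9]* /dev/pts/*
```
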