Re: Security implications of tty group?

To: Thomas Hood <jdthood@yahoo.co.uk>
Cc: debian-security@lists.debian.org
Subject: Re: Security implications of tty group?
From: Florian Weimer <fw@deneb.enyo.de>
Date: Wed, 25 Jan 2006 12:43:08 +0100
Message-id: <[🔎] 873bjc1qk3.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] 43D759C5.5010804@yahoo.co.uk> (Thomas Hood's message of "Wed, 25 Jan 2006 11:58:13 +0100")
References: <[🔎] 43D759C5.5010804@yahoo.co.uk>

* Thomas Hood:

> Hello, security experts.
>
> In #349578 it is claimed that the mesg program should not warn if a tty
> device node fails to belong to group "tty".
>
> What are the security implications of a tty device node failing to belong
> to group "tty"?

"mesg y" does not have the desired effect because write programs which
are SGID tty (such as /usr/bin/bsd-write) cannot write to the TTY even
if the permissions are relaxed to 620.

In other words, the warning makes perfect sense.

Reply to:

Follow-Ups:
- Re: Security implications of tty group?
  - From: Thomas Hood <jdthood@yahoo.co.uk>

References:
- Security implications of tty group?
  - From: Thomas Hood <jdthood@yahoo.co.uk>

Prev by Date: Security implications of tty group?
Next by Date: Re: Security implications of tty group?
Previous by thread: Security implications of tty group?
Next by thread: Re: Security implications of tty group?
Index(es):
- Date
- Thread