
Re: Security implications of tty group?



* Thomas Hood:

> Florian Weimer wrote:
>> In other words, the warning makes perfect sense.
>
>
> Would it also be secure if (as the submitter of #349578 writes):

This hasn't got to do much with security.

>> The tty is /dev/pts/* and is always owned and group-owned by me.
>
> ?  That is, should the warning be suppressed in that case?

Uhm, sorry, obviously, you did not understand what I wrote, but I have
trouble phrasing it in a better way.  Here's another attempt:

If the TTY is owned and group-owned by the user, the modes 0600 and
0620 are equivalent (assuming per-user groups).  In order to enable
messages from other users, "mesg y" simply sets the file mode to 0620.
However, if a per-user group is used (and not group tty), this does
not have the desired effect because programs which are SGID tty (such
as /usr/bin/bsd-write) still cannot access that TTY.  This means that
the warning is factually correct.  It makes perfect sense because the
"mesg y" failed to do what was explicitly requested.



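The permission logic described in the message above, as an added example that is not part of the original post: it models the kernel's access check for a writer that is not the terminal's owner and whose only relevant group is the effective gid gained from SGID tty. The function names, the verdict strings and the sample gids (5 for tty, 1000 for a per-user group) are constructed for illustration.

```python
import os
import stat
import sys

def sgid_tty_writer_allowed(mode: int, dev_gid: int, tty_gid: int) -> bool:
    """Would a non-owner process with egid == tty_gid be allowed to open
    the terminal for writing?  Assumes the writer is not otherwise a
    member of the group that owns the device."""
    if dev_gid == tty_gid:
        return bool(mode & stat.S_IWGRP)   # group permission class applies
    return bool(mode & stat.S_IWOTH)       # writer falls into "other"

def diagnose(mode: int, dev_gid: int, tty_gid: int) -> str:
    """Classify the terminal state left behind by mesg."""
    perms = stat.S_IMODE(mode)
    if perms & stat.S_IWOTH:
        # Any local user can write to the terminal without SGID help.
        return "world-writable"
    if sgid_tty_writer_allowed(perms, dev_gid, tty_gid):
        return "enabled"
    if perms & stat.S_IWGRP:
        # The case from the message: 0620 with a per-user group.
        # g+w is set, but SGID tty programs are not in that group.
        return "ineffective"
    return "disabled"

# Constructed sample states: (mode, group owner of the device)
TTY_GID, USER_GID = 5, 1000
SAMPLES = {
    "0620 group tty":      (0o620, TTY_GID),
    "0620 per-user group": (0o620, USER_GID),
    "0600 per-user group": (0o600, USER_GID),
}

if __name__ == "__main__":
    import grp
    if len(sys.argv) > 1 or os.isatty(0):
        # Live check; assumes the system group is named "tty".
        path = sys.argv[1] if len(sys.argv) > 1 else os.ttyname(0)
        st = os.stat(path)
        gid = grp.getgrnam("tty").gr_gid
        print(path, diagnose(st.st_mode, st.st_gid, gid))
    else:
        for label, (mode, gid) in SAMPLES.items():
            print(label, "->", diagnose(mode, gid, TTY_GID))
```

Run with a device path as the argument, or with no argument on a terminal to check the current one.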