Re: Security implications of tty group?
* Thomas Hood:
> Florian Weimer wrote:
>> In other words, the warning makes perfect sense.
>
>
> Would it also be secure if (as the submitter of #349578 writes):
This hasn't got to do much with security.
>> The tty is /dev/pts/* and is always owned and group-owned by me.
>
> ? That is, should the warning be suppressed in that case?
Uhm, sorry, obviously, you did not understand what I wrote, but I have
trouble phrasing it in a better way. Here's another attempt:
If the TTY is owned and group-owned by the user, the modes 0600 and
0620 are equivalent (assuming per-user groups). In order to enable
messages from other users, "mesg y" simply sets the file mode to 0620.
However, if a per-user group is used (and not group tty), this does
not have the desired effect because programs which are SGID tty (such
as /usr/bin/bsd-write) still cannot access that TTY. This means that
the warning is factually correct. It makes perfect sense because the
"mesg y" failed to do what was explicitly requested.
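
The situation described in the message above, as an added example that is not part of the original post: a small model of the permission check an SGID-tty program such as /usr/bin/bsd-write is subject to, showing why "mesg y" has no effect on a terminal whose group is the user's own. The names, the sample uid/gid values and the tty gid of 5 are assumptions, and the writer is assumed to be another user who is not a member of the owner's per-user group.

```python
import os
import stat
from typing import NamedTuple

TTY_GID = 5  # assumption: gid of group "tty"; from_path() looks up the real one


class TtyState(NamedTuple):
    uid: int   # owner of the terminal device
    gid: int   # group of the terminal device
    mode: int  # permission bits, e.g. 0o620


def sgid_tty_can_write(tty: TtyState, tty_gid: int = TTY_GID) -> bool:
    """Can a program running SGID tty on behalf of another user open the tty for writing?"""
    perms = stat.S_IMODE(tty.mode)
    if tty.gid == tty_gid:
        # The process's effective group matches the file's group: group bits decide.
        return bool(perms & stat.S_IWGRP)
    # The file's group is something else (e.g. a per-user group): "other" bits decide.
    return bool(perms & stat.S_IWOTH)


def after_mesg_y(tty: TtyState) -> TtyState:
    """Model "mesg y" as described in the message: it sets the mode to 0620."""
    return tty._replace(mode=0o620)


def mesg_y_works(tty: TtyState, tty_gid: int = TTY_GID) -> bool:
    """True if "mesg y" actually enables messages from other users."""
    return sgid_tty_can_write(after_mesg_y(tty), tty_gid)


def from_path(path: str) -> tuple[TtyState, int]:
    """Read the state of a real terminal, e.g. os.ttyname(0), plus the real tty gid."""
    import grp  # Unix only
    st = os.stat(path)
    return TtyState(st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode)), grp.getgrnam("tty").gr_gid


# Constructed samples: uid 1000 with per-user group 1000, versus group tty.
PER_USER_GROUP = TtyState(uid=1000, gid=1000, mode=0o600)
GROUP_TTY = TtyState(uid=1000, gid=TTY_GID, mode=0o600)

if __name__ == "__main__":
    for name, tty in (("per-user group", PER_USER_GROUP), ("group tty", GROUP_TTY)):
        print(f"{name}: mesg y works = {mesg_y_works(tty)}")
```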