Subject: pkg/23229: [SECURITY] x11/aterm 0.4.2 fails to set correct permissions on its tty
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <tnn@netilium.org>
List: netbsd-bugs
Date: 10/22/2003 13:57:17
>Number:         23229
>Category:       pkg
>Synopsis:       [SECURITY] x11/aterm 0.4.2 fails to set correct permissions on its tty
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Oct 22 13:58:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     Tobias Nygren
>Release:        NetBSD 1.6ZD
>Organization:
>Environment:
NetBSD soyokaze 1.6ZD NetBSD 1.6ZD (GENERIC-SOYOKAZE) #0: Sat Oct 18 12:58:44 CEST 2003  root@hitomi:/tmp/soyokaze/obj/sys/arch/i386/compile/GENERIC-SOYOKAZE i386
>Description:
Aterm does not manage its tty correctly, making insertion
of characters possible. (Even tty snooping?) See below.

>How-To-Repeat:
tnn@soyokaze:~$ aterm
utmp_update: /dev/ttyp2: Is not owned by you
^Z
[1]+  Stopped                 aterm
tnn@soyokaze:~$ bg
[1]+ aterm &
tnn@soyokaze:~$ ls -l /dev/ttyp2 /dev/ptyp2
crw-rw-rw-  1 root  wheel  6, 2 Oct 22 15:36 /dev/ptyp2
crw-rw-rw-  1 root  wheel  5, 2 Oct 22 15:48 /dev/ttyp2
tnn@soyokaze:~$ w
 3:48PM  up 3 mins, 2 users, load averages: 0.41, 0.25, 0.10
USER    TTY FROM              LOGIN@  IDLE WHAT
tnn      E0 -                 3:46PM     1 -csh 
tnn      p1 :0.0              3:46PM     0 w 
tnn@soyokaze:~$ ps auxw | grep aterm
tnn  161  0.0  0.5   380  1972 p1  S     3:48PM 0:00.06 aterm 
tnn  602  0.0  0.1   168   552 p1  S+    3:55PM 0:00.00 grep aterm

>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:
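
An added example, not part of the original report and not aterm or NetBSD code: a small audit of a pty slave's owner and mode, which would flag the `crw-rw-rw- root wheel` state that `ls -l` shows above. It assumes the conventional policy that the slave is owned by the session user with mode 0620 or stricter; the function and flag names are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

enum {
    TTY_NOT_CHRDEV   = 1 << 0, /* path is not a character device */
    TTY_WRONG_OWNER  = 1 << 1, /* slave is not owned by the session user */
    TTY_OTHER_ACCESS = 1 << 2, /* any r/w/x bit set for "other" */
    TTY_GROUP_READ   = 1 << 3  /* group may read (or execute) the device */
};

/* Compare mode and owner with the assumed policy: owner == uid, mode <= 0620. */
int tty_mode_flags(mode_t mode, uid_t owner, uid_t uid)
{
    int flags = 0;
    if (!S_ISCHR(mode))             flags |= TTY_NOT_CHRDEV;
    if (owner != uid)               flags |= TTY_WRONG_OWNER;
    if (mode & S_IRWXO)             flags |= TTY_OTHER_ACCESS;
    if (mode & (S_IRGRP | S_IXGRP)) flags |= TTY_GROUP_READ;
    return flags;
}

/* stat() the device and classify it; returns -1 if it cannot be examined. */
int tty_path_flags(const char *path, uid_t uid)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return tty_mode_flags(st.st_mode, st.st_uid, uid);
}

/* Usage: ./ttycheck [/dev/ttypN]  (defaults to the tty on stdin) */
int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : ttyname(STDIN_FILENO);
    if (path == NULL) { fputs("stdin is not a tty\n", stderr); return 2; }
    int flags = tty_path_flags(path, getuid());
    if (flags < 0) { perror(path); return 2; }
    printf("%s:%s%s%s%s%s\n", path, flags ? "" : " ok",
           (flags & TTY_NOT_CHRDEV)   ? " not-a-char-device" : "",
           (flags & TTY_WRONG_OWNER)  ? " wrong-owner" : "",
           (flags & TTY_OTHER_ACCESS) ? " other-access" : "",
           (flags & TTY_GROUP_READ)   ? " group-read" : "");
    return flags ? 1 : 0;
}
```

Run inside the terminal emulator under test, it exits non-zero when the slave device was left with the master's default owner or mode.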