Subject: bin/36060: regression: users cannot dial out with cu/tip
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: None <uwe@NetBSD.org>
List: netbsd-bugs
Date: 03/23/2007 13:45:00
>Number:         36060
>Category:       bin
>Synopsis:       regression: users cannot dial out with cu/tip
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Fri Mar 23 13:45:00 +0000 2007
>Originator:     Valeriy E. Ushakov
>Release:        NetBSD 4.99.9
>Organization:
>Environment:
NetBSD bigmac 4.99.9 NetBSD 4.99.9 (BIGMAC) #1: Sat Feb 24 01:31:14 MSK 2007  toor@bigmac:/export/netbsd/cvs/src/sys/arch/macppc/compile/BIGMAC macppc

>Description:
Removal of setuid bit from tip/cu introduced a regression.

Permissions setup used to be:

$ ls -l /usr/bin/cu /usr/bin/tip
-r-sr-xr--  1 uucp  dialer  132380 Aug 10  2003 /usr/bin/cu
-r-sr-xr--  1 uucp  dialer   53556 Aug 10  2003 /usr/bin/tip
$ ls -l /dev/dtya
crw-------  1 uucp  wheel  12, 524288 Dec 26  2002 /dev/dtya

so members of group "dialer" could use cu/tip that would setuid to
uucp uid and will be allowed to open /dev/dty


Now cu/tip (which is the same program now) are not setuid, so
ordinary users cannot use cu/tip to dial out, only root can.

This is a regression - users of group "dialer" can no longer dial out.

>How-To-Repeat:
Try to use cu/tip to connect to a modem or remote serial console as
a plain user that is member of group "dialer".

>Fix:
With non-setuid cu/tip dty* devices should be chgrp dialer and g+rw
for normal users (from "dialer" group) to be able to dial out.

1)  This should be documented in cu/tip man pages and user guide

2a) We can create dty* devices chgrp dialer/chmod g+rw - to restore
    previous behaviour: members of dialer can dial out on any dty

2b) We can leave dty* belonging to wheel and let the admin decide
    which dty devices he wants to make available for dial out
    (by making them chgrp dialer/chmod g+rw)
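
An added example, not part of the original report and not NetBSD code: a POSIX sh check that classifies `ls -l` lines for dial-out devices under the non-setuid model described in the Fix section (group "dialer" with g+rw). The function names, the verdict strings and the rule that flags world-readable or world-writable devices are assumptions of this example; the second sample line is constructed.

```shell
# Group that should be allowed to dial out (name taken from the report).
DIALOUT_GROUP="${DIALOUT_GROUP:-dialer}"

# check_dty "<ls -l line>": print a verdict, return 0 only when the device
# is usable by the dial-out group and by nobody outside it.
check_dty() {
    set -f; set -- $1; set +f      # split the line into fields, no globbing
    mode=$1 group=$4
    case $mode in
        c?????????*) ;;            # character device with 9 permission bits
        *) echo "not-a-char-device"; return 2 ;;
    esac
    case $mode in                  # assumption: "other" must have no r/w
        c??????r*|c???????w*) echo "world-accessible"; return 1 ;;
    esac
    if [ "$group" != "$DIALOUT_GROUP" ]; then
        echo "group-mismatch"; return 1
    fi
    case $mode in
        c???rw*) echo "ok"; return 0 ;;
        *) echo "group-lacks-rw"; return 1 ;;
    esac
}

# audit_dty: read `ls -l` lines on stdin, print "<device>: <verdict>".
audit_dty() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        verdict=$(check_dty "$line") || true
        printf '%s: %s\n' "${line##* }" "$verdict"
    done
}

# First line is the listing quoted in the report; the second is a
# constructed line showing the device after chgrp dialer / chmod g+rw.
audit_dty <<'EOF'
crw-------  1 uucp  wheel  12, 524288 Dec 26  2002 /dev/dtya
crw-rw----  1 uucp  dialer  12, 524288 Dec 26  2002 /dev/dtya
EOF
```

On a live system the input would come from `ls -l /dev/dty*`, which covers both option 2a (every dty reports "ok") and option 2b (only the devices the admin opened up do).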