Subject: Re: default /dev/tty* mode and ownership
To: Emmanuel Dreyfus <>
From: None <>
List: tech-userlevel
Date: 07/29/2001 17:01:03
>> >Currently, /dev/tty* are created mode 600 root/wheel. Is there any
>> >problem creating them mode 620 root/tty? Do we ever chgrp them to
>> >something else than group tty? And is there any implication of allowing
>> >group tty to write on a non allocated tty?
>>       I don't think this reasonable.  this shouldn't be done.
>What are the drawbacks?

	I don't want wheel group users (with normal user privilege)
	to write to random ptys.  yes, wheel users may be able to become
	root, but there are certain protection mechamisms (sudo, su) that
	prevents wheel users from doing random bad things.  your change
	(600 -> 620) will let people bypass these mechanisms.  now a hijack
	of wheel users' normal account is equivalent to the hijack of root
	account (in terms of pty write privs).  this is a security drawback.