Subject: Re: default /dev/tty* mode and ownership
To: Emmanuel Dreyfus <firstname.lastname@example.org>
From: None <email@example.com>
Date: 07/29/2001 17:01:03
>> >Currently, /dev/tty* are created mode 600 root/wheel. Is there any
>> >problem creating them mode 620 root/tty? Do we ever chgrp them to
>> >something else than group tty? And is there any implication of allowing
>> >group tty to write on a non allocated tty?
>> I don't think this is reasonable. this shouldn't be done.
>What are the drawbacks?
I don't want wheel group users (with normal user privilege)
to write to random ptys. yes, wheel users may be able to become
root, but there are certain protection mechanisms (sudo, su) that
prevent wheel users from doing random bad things. your change
(600 -> 620) will let people bypass these mechanisms. now a hijack
of wheel users' normal account is equivalent to the hijack of root
account (in terms of pty write privs). this is a security drawback.
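Added example, not part of the original message: a Python audit that lists tty device nodes whose mode lets anyone other than the owner write to them, which is the difference between the 600 and 620 modes discussed in this thread. The `/dev/tty*` glob and the function names are assumptions chosen for illustration.

```python
import glob
import grp
import os
import stat


def non_owner_write(path):
    """Return a finding dict if group or other may write to path, else None."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return None  # symlink modes say nothing about the target node
    mode = stat.S_IMODE(st.st_mode)
    who = []
    if mode & stat.S_IWGRP:
        who.append("group")
    if mode & stat.S_IWOTH:
        who.append("other")
    if not who:
        return None
    try:
        group = grp.getgrgid(st.st_gid).gr_name
    except KeyError:
        group = str(st.st_gid)  # gid with no entry in the group database
    return {
        "path": path,
        "mode": format(mode, "03o"),
        "uid": st.st_uid,
        "group": group,
        "writable_by": who,
    }


def audit(paths):
    """Check each path and return findings sorted by path."""
    findings = []
    for path in sorted(paths):
        try:
            finding = non_owner_write(path)
        except OSError:
            continue  # node vanished or is not stat-able; skip it
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in audit(glob.glob("/dev/tty*")):
        print("{path} mode={mode} uid={uid} group={group} "
              "writable_by={writable_by}".format(**f))
```

Run it before and after changing the default mode to see exactly which nodes become writable through group membership and which group owns them.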