Subject: Re: default /dev/tty* mode and ownership
To: None <firstname.lastname@example.org>
From: Emmanuel Dreyfus <email@example.com>
Date: 07/29/2001 10:51:02
> I don't want wheel group users (with normal user privilege)
> to write to random ptys. yes, wheel users may be able to become
> root, but there are certain protection mechamisms (sudo, su) that
> prevents wheel users from doing random bad things. your change
> (600 -> 620) will let people bypass these mechanisms. now a hijack
> of wheel users' normal account is equivalent to the hijack of root
> account (in terms of pty write privs). this is a security drawback.
I suggested mode 620 root/tty, not 620 root/wheel. Write access for
memebers of group wheel would be bad, I fully agree with this.
Users of group tty already have write access to all allocated ttys (when
you log in, the tty is changed from 600 root/wheel to 620 `whoami`/tty.
This modification would only change something for non allocated tty, and
I wonder if allowing a member of group tty (that is, anyone through
setgid programs such as talk) to write on a non allocated tty was a
Il ne suffit pas de crier l'iMac, l'iMac! en sautant comme un cabri...