Subject: Re: default /dev/tty* mode and ownership
To: None <firstname.lastname@example.org>
From: Greywolf <email@example.com>
Date: 07/29/2001 12:02:13
On Sun, 29 Jul 2001 firstname.lastname@example.org wrote:
# Date: Sun, 29 Jul 2001 17:01:03 +0900
# From: email@example.com
# To: Emmanuel Dreyfus <firstname.lastname@example.org>
# Cc: email@example.com
# Subject: Re: default /dev/tty* mode and ownership
# >> >Currently, /dev/tty* are created mode 600 root/wheel. Is there any
# >> >problem creating them mode 620 root/tty? Do we ever chgrp them to
# >> >something else than group tty? And is there any implication of allowing
# >> >group tty to write on a non allocated tty?
# >> I don't think this is reasonable. this shouldn't be done.
# >What are the drawbacks?
# I don't want wheel group users (with normal user privilege)
# to write to random ptys. yes, wheel users may be able to become
# root, but there are certain protection mechanisms (sudo, su) that
# prevent wheel users from doing random bad things. your change
# (600 -> 620) will let people bypass these mechanisms. now a hijack
# of wheel users' normal account is equivalent to the hijack of root
# account (in terms of pty write privs). this is a security drawback.
He said "group tty", not "group wheel". Near as I can tell, users don't
live in group tty. Where's the lose?
NetBSD: it's not free beer, but it's free.