># 	I don't want wheel group users (with normal user privilege)
># 	to write to random ptys.  yes, wheel users may be able to become
># 	root, but there are certain protection mechamisms (sudo, su) that
># 	prevents wheel users from doing random bad things.  your change
># 	(600 -> 620) will let people bypass these mechanisms.  now a hijack
># 	of wheel users' normal account is equivalent to the hijack of root
># 	account (in terms of pty write privs).  this is a security drawback.
>He said "group tty", not "group wheel".  Near as I can tell, users don't
>live in group tty.  Where's the lose?

	i was wrong about two things, so ignore my message above.
	- it was group tty, not group wheel
	- proposed permission change is from 666 to 620, so the above discussion
	  does not apply.  now the problem is, is it okay for every tty-
	  modifying binary to be setuid/setgid'ed?  you saw various objections.

itojun