Subject: Re: default /dev/tty* mode and ownership
To: Greywolf <email@example.com>
From: None <firstname.lastname@example.org>
Date: 07/30/2001 08:15:29
># I don't want wheel group users (with normal user privilege)
># to write to random ptys. yes, wheel users may be able to become
># root, but there are certain protection mechamisms (sudo, su) that
># prevents wheel users from doing random bad things. your change
># (600 -> 620) will let people bypass these mechanisms. now a hijack
># of wheel users' normal account is equivalent to the hijack of root
># account (in terms of pty write privs). this is a security drawback.
>He said "group tty", not "group wheel". Near as I can tell, users don't
>live in group tty. Where's the lose?
i was wrong about two things, so ignore my message above.
- it was group tty, not group wheel
- proposed permission change is from 666 to 620, so the above discussion
does not apply. now the problem is, is it okay for every tty-
modifying binary to be setuid/setgid'ed? you saw various objections.