In article <Pine.NEB.4.62.0508271237010.639@pilchuck.reedmedia.net>,
Jeremy C. Reed <reed@reedmedia.net> wrote:
>I was testing xterm-204 on NetBSD/i386 2.0.2.
>
>When I opened new xterm, I got:
>
>  utmp_update: /dev/ttyp7: Is not owned by you
>
>I have:
>
>  rainier:/usr/pkgsrc/x11/xterm$ tty
>  /dev/ttyp7
>
>  rainier:/usr/pkgsrc/x11/xterm$ ls -l /dev/ttyp7
>  crw-rw-rw-  1 root  wheel  5, 7 Aug 27 09:51 /dev/ttyp
>
>I don't see this "utmp_update: /dev/ttyp7: Is not owned by you" message
>when running Xorg's xterm. And it doesn't appear on DragonFly, for 
>example.
>
>I did a quick look at utmp_update(8) manpage.
>
>Also, I read a June 2004 posting that said should add user to the 
>utmp group.
>
>I never used that utmp group before:
>
>  rainier:/usr/pkgsrc/x11/xterm$ grep utmp /etc/group
>  utmp:*:45:
>
>Where is this documented?

Your xterm is compiled in a way that it does not use openpty() or /dev/ptm,
so unless it is installed setuid root (*), it will not be able to chown the pty,
and this is a security problem. Utmp_update is just warning you that something
is wrong. What kind of documentation do you have in mind?

christos

(*) Of course making the xterm setuid root will not solve your security problem.