netbsd-help: Re: utmp_update: /dev/ttyp7: Is not owned by you

Subject: Re: utmp_update: /dev/ttyp7: Is not owned by you
To: None <netbsd-help@netbsd.org>
From: Jeremy C. Reed <reed@reedmedia.net>
List: netbsd-help
Date: 08/29/2005 08:12:11

On Mon, 29 Aug 2005, Jeremy C. Reed wrote:

>> Your xterm is compiled in a way that it does not use openpty() or /dev/ptm,
>> so unless it is installed setuid root (*), it will not be able to chown the 
>> pty,
>> and this is a security problem. Utmp_update is just warning you that 
>> something
>> is wrong. What kind of documentation do you have in mind?
>
> I was thinking that the man page could explain what this message means. I 
> didn't know it could be a "security" issue as I thought it was just some 
> informative warning.
>
> Thanks for the info; I will attempt to look at the xterm source about this.
>
>> (*) Of course making the xterm setuid root will not solve your security 
>> problem.

I see that on NetBSD it uses:

     result = openpty(pty, &tty, ttydev, NULL, NULL);

Can someone familiar with this "utmp_update: /dev/ttyp7: Is not owned by 
you" please look at the xterm-204 main.c code?

It is at 
ftp://invisible-island.net/xterm/

Thanks,

  Jeremy C. Reed

  	  	 	 technical support & remote administration
 	  	 	 http://www.pugetsoundtechnology.com/