>       I don't want wheel group users (with normal user privilege)
>       to write to random ptys.  yes, wheel users may be able to become
>       root, but there are certain protection mechamisms (sudo, su) that
>       prevents wheel users from doing random bad things.  your change
>       (600 -> 620) will let people bypass these mechanisms.  now a hijack
>       of wheel users' normal account is equivalent to the hijack of root
>       account (in terms of pty write privs).  this is a security drawback.

I suggested mode 620 root/tty, not 620 root/wheel. Write access for
memebers of group wheel would be bad, I fully agree with this.

Users of group tty already have write access to all allocated ttys (when
you log in, the tty is changed from 600 root/wheel to 620 `whoami`/tty.

This modification would only change something for non allocated tty, and
I wonder if allowing a member of group tty (that is, anyone through
setgid programs such as talk) to write on a non allocated tty was a
problem.

-- 
Emmanuel Dreyfus.   
Il ne suffit pas de crier l'iMac, l'iMac! en sautant comme un cabri...
manu@netbsd.org