[108] in linux-security and linux-alert archive
Re: tty permissions
daemon@ATHENA.MIT.EDU (Joseph S. D. Yao)
Sat Mar 11 15:20:15 1995
Date: Fri, 10 Mar 1995 21:26:58 -0500
From: "Joseph S. D. Yao" <jsdy@cais.cais.com>
To: linux-security@tarsier.cv.nrao.edu
Reply-To: linux-security@tarsier.cv.nrao.edu
Marek Michalkiewicz (ind43@ci3ux.ci.pwr.wroc.pl) wrote on 9 March 1995 15:13:
> >But I think it would be better if the permissions were set to 0620, group
> >"tty". Programs like write should be setgid tty and filter out control
> >characters (write in util-linux already does this).
> Agreed. Talk then must also be like this. On the other hand, one could
> argue that the user can always change the permissions of /dev/tty...

The semantics of /dev/tty don't always work for what one wants to do
through one's login terminal. I've run into problems with that in the
past. If I try hard enough, I'll be able to remember what. [;-)]

If a program needs to affect the user's login terminal, it needs to
have some permissions on it. I've had problems when I've logged in as
"joe" and su'ed to (e.g.) "bin": but "bin" has no permissions on
"joe"'s login terminal.

In general, it is best to see if you can make a program setgid-to-some-group,
rather than making everything setuid-root [horrors!].

Joe Yao jsdy@cais.com - Joseph S. D. Yao