[114] in linux-security and linux-alert archive
tty utilities follow up
daemon@ATHENA.MIT.EDU (Rik Faith)
Sun Mar 12 02:13:29 1995
Date: Sun, 12 Mar 1995 01:21:19 -0500
From: Rik Faith <faith@cs.unc.edu>
To: linux-security@tarsier.cv.nrao.edu
CC: faith@cs.unc.edu
Reply-To: linux-security@tarsier.cv.nrao.edu
I have implemented the following semantics for util-linux-2.3 (not yet
released, but see below):

If USE_TTY_GROUP is defined at compile time (the new default):

    login:  changes the group of the tty to "tty"
            changes the mode of the tty to 620
    mesg:   n changes the mode to 600,
            y changes the mode to 620
    wall and write are setgid to "tty"

If USE_TTY_GROUP is _not_ defined at compile time (for backward compatibility):

    login:  changes the mode of the tty to 600
    mesg:   n changes the mode to 600
            y changes the mode to 622
    wall and write are not setgid

write has always prevented the sending of arbitrary escape sequences. I
have implemented similar prevention in wall and shutdown.

What else needs to be done:

    The sysvinit maintainer needs to implement similar changes for mesg,
        wall/write, and shutdown in the sysvinit package

    The shadow password suite maintainer needs to implement similar
        changes for login

    X11R6 needs to be configured so that USE_TTY_GROUP is defined when
        xterm is compiled (no patches are needed, but this is not
        the default configuration for Linux in the pristine MIT
        sources -- this should be changed when all of the
        associated Linux programs support this scheme).

    Maintainers of utilities like talk need to implement similar
        changes, if they are not already supported.

If you would like to play with these changes, I have placed a snapshot of
the sources at
ftp.cs.unc.edu:/pub/users/faith/linux/util-linux-pre2.3.tar.gz [Please note
that the shutdown contained in this package is not compatible with the
sysvinit shutdown, and that the login is not shadow-aware unless special
care is taken (shadow will be better supported in util-linux once the
community has resolved the related copyright and implementation issues).
However, the mesg, wall, and write programs should work on all systems
(although not very well if xterm and login do not cooperate with this
scheme).]
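
Added example, not part of the message above and not code from util-linux: a C illustration of the two checks the scheme relies on. `audit_tty` classifies a tty's mode and group against the 600/620/622 semantics listed above, and `sanitize_msg` shows one way a setgid-tty sender can neutralize escape sequences. The function names, the enum and the caret-notation policy are assumptions made for this example.

```c
#include <sys/types.h>
#include <sys/stat.h>

/* Who may write to a tty device node, given its mode and group. */
enum tty_audit {
    TTY_MESG_OFF,       /* 600: owner only */
    TTY_MESG_GROUP,     /* 620, group "tty": only setgid-tty programs */
    TTY_WRONG_GROUP,    /* group-writable, but the group is not "tty" */
    TTY_WORLD_WRITABLE  /* e.g. 622: any process can send raw bytes */
};

/* tty_gid is the gid of the "tty" group on this system (caller looks it up). */
enum tty_audit audit_tty(mode_t mode, gid_t gid, gid_t tty_gid)
{
    if (mode & S_IWOTH)
        return TTY_WORLD_WRITABLE;
    if (mode & S_IWGRP)
        return gid == tty_gid ? TTY_MESG_GROUP : TTY_WRONG_GROUP;
    return TTY_MESG_OFF;
}

/*
 * Copy n bytes of src into dst (capacity cap, always NUL-terminated when
 * cap > 0) so that no byte can start a terminal escape sequence:
 * control bytes become ^X, bytes with the high bit set (which include the
 * 8-bit C1 controls) become '?'. Newline and tab pass through.
 * Returns the number of bytes written, excluding the terminator.
 */
size_t sanitize_msg(const unsigned char *src, size_t n, char *dst, size_t cap)
{
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = src[i];
        int ctl = (c < 0x20 && c != '\n' && c != '\t') || c == 0x7f;
        if (o + (ctl ? 2 : 1) >= cap)
            break;                      /* keep room for the terminator */
        if (ctl) {
            dst[o++] = '^';
            dst[o++] = (char)(c ^ 0x40);    /* ESC (0x1b) -> '[' */
        } else {
            dst[o++] = c < 0x80 ? (char)c : '?';
        }
    }
    if (cap)
        dst[o] = '\0';
    return o;
}
```

A filter like this only protects the recipient when the tty is not world-writable: under mode 622 any process can open the device and write raw bytes without going through write or wall at all.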