[83] in linux-security and linux-alert archive
Re: tty permissions
daemon@ATHENA.MIT.EDU (Joe Fomenko)
Thu Mar 9 16:55:37 1995
Date: Thu, 9 Mar 1995 15:17:22 +0000
From: Joe Fomenko <joef@willow.microserve.com>
To: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199503091901.OAA23052@tarsier.cv.nrao.edu>
Reply-To: linux-security@tarsier.cv.nrao.edu

On Thu, 9 Mar 1995, Jeff Uphoff wrote:
> "MM" == Marek Michalkiewicz <ind43@ci3ux.ci.pwr.wroc.pl> writes:
> MM> I see one security problem with the standard util-linux login. When
> MM> the user logs in, the permissions of this user's tty are set to 0622.
> MM> [Explanation as to why this is A Bad Thing.]
[snip]
> Note that since this appears only to affect 'login' tty's ('xterm' sets
> perm's correctly to 0620, group "tty"), if a person is running X on the
> system then the util's such as 'write' and 'wall' need to be setgid
> anyway to work as intended. (At least in "stock" Slackware this is the
> case...)
>
> MM> In fact, the code to set right tty permissions exists in util-linux login.
> MM> You only need to change a few #ifdefs and change mesg so it can set right
> MM> permissions. Are there any good reasons it has not been done yet?
>
> I hadn't noticed the interesting (Slackware-based) 'mesg'
> permission-setting before (this is an 'xterm' tty):

Hmmm, not with my setup (Yggdrasil, Summer '94 CD...)
<duplicates your example, opens fresh xterm...>
bash$ tty
/dev/ttypa
bash$ ls -l /dev/ttypa
crw--w--w- 1 joef user 4, 202 Mar 9 15:10 /dev/ttypa
bash$ mesg
Is y
bash$ mesg n
bash$ !ls
ls -l /dev/ttypa
crw------- 1 joef user 4, 202 Mar 9 15:11 /dev/ttypa
bash$ mesg y
bash$ !ls
ls -l /dev/ttypa
crw--w--w- 1 joef user 4, 202 Mar 9 15:11 /dev/ttypa
Hmmm, not group tty, either :( Looks like I'll have to roll my own...

> It might be worth passing the word to distribution maintainers that the
> util's should probably be compiled more "restrictively" if there is such

It might indeed :)

=====================================================
= Joe Fomenko - Willow Grove, PA =
= IC CAD,CAE Consultant =
= joef@willow.microserve.com =
=====================================================
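
Added example, not part of the original message and not util-linux code: a small Python audit that flags the tty modes discussed in this thread (0622 versus 0620 with group "tty"). The group name comes from the quoted message; the function names and the sample entries are constructed for illustration.

```python
import grp
import os
import stat
import sys

TTY_GROUP = "tty"  # assumption: group named in the quoted message for xterm ttys


def audit_tty_mode(mode, group_name):
    """Return findings for a terminal's st_mode and owning group name."""
    findings = []
    perms = stat.S_IMODE(mode)
    if perms & stat.S_IWOTH:
        findings.append("world-writable: any local user can write to it")
    if perms & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("readable by group or others")
    if perms & stat.S_IWGRP and group_name != TTY_GROUP:
        findings.append("group-writable, but group is %r, not %r"
                        % (group_name, TTY_GROUP))
    return findings


def audit_path(path):
    """Stat a device node and audit it; non-terminals are reported as such."""
    st = os.stat(path)
    if not stat.S_ISCHR(st.st_mode):
        return ["not a character device"]
    try:
        group = grp.getgrgid(st.st_gid).gr_name
    except KeyError:  # gid with no group database entry
        group = str(st.st_gid)
    return audit_tty_mode(st.st_mode, group)


# Constructed samples using the modes and groups that appear in the thread.
SAMPLES = [
    ("mesg y, as in the session", stat.S_IFCHR | 0o622, "user"),
    ("mesg n, as in the session", stat.S_IFCHR | 0o600, "user"),
    ("0620 group tty, as quoted", stat.S_IFCHR | 0o620, "tty"),
]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = [(p, audit_path(p)) for p in sys.argv[1:]]
    else:
        results = [(n, audit_tty_mode(m, g)) for n, m, g in SAMPLES]
    for name, findings in results:
        print("%-28s %s" % (name, "; ".join(findings) or "ok"))
```

Pass one or more device paths (for example the output of `tty`) as arguments to audit real terminals instead of the constructed samples.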