[86] in linux-security and linux-alert archive
Re: tty permissions
daemon@ATHENA.MIT.EDU (Thomas Briggs)
Thu Mar 9 21:00:50 1995
Reply-To: linux-security.id.m0rmqju-000CJ3C;Thu@tarsier.cv.nrao.edu,
9.Mar.95.17:31.EST@tarsier.cv.nrao.edu
Date: Thu, 9 Mar 1995 17:31:25 -0500 (EST)
From: Thomas Briggs <tbriggs@cutter.ship.edu>
To: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <9503091513.aa19965@ci3ux.ci.pwr.wroc.pl>
On Thu, 9 Mar 1995, Marek Michalkiewicz wrote:
> In fact, the code to set right tty permissions exists in util-linux login.
> You only need to change a few #ifdefs and change mesg so it can set right
> permissions. Are there any good reasons it has not been done yet?
>
This is one of the useful features of shadow passwords, it does let you
change this to any mode you want (for instance, on this system, I have it
set for 0600, only a user has their own TTY, even another user of the
group can't get to it... and I have all my /usr/bin utils chmod 4777 :-)
[Mod: Sounds like somebody here used to work for Microsoft. :)~ --Jeff.]
Actually, realistically, along with the tty's being more public than I
like, I've noticed a bunch of devices are freely accessible to users...
I'll try to make a list of the ones I think are kinda not logical.
Also, there are some utils and directories that I think ought to be
protected by some better security, such as /sbin and /usr/sbin, I would
not even like users seeing what was in these dirs... I've got them
chmod'ed out of the user space as well as out of root's profile, etc,
etc. At least this way, if a user does happen to get to be root or
uid=0, they won't have a clear picture as to what's in those directories.
+-----------+ "Cutter has crashed, again!" - Scott Hooper, 1994
|Tom Briggs +----------------------------+ Cutter: probably the most heavily
|Shippensburg University of Pennsylvania | loaded i486-33 machine ever made.
|primary address: tbriggs@cutter.ship.edu+---------+ Linux 1.1.94, 600 users
|secondary address: tbriggs@saturn.csee.lehigh.edu| telnet,Aftp,gopher,http
+--------------------------------------------------+ nfs,identd,pine,rtin...
--
[Mod: Yes, I realize that if a user should "happen to get to be root,"
odds are that they know full well where to find the sbin-type utils and
how to use them if they want. Let's not start a thread over this...
--Jeff.]