[1547] in Athena Bugs
6.0R: /etc/xterm
daemon@ATHENA.MIT.EDU (probe@ATHENA.MIT.EDU)
Fri Dec 16 18:29:57 1988
From: <probe@ATHENA.MIT.EDU>
Date: Fri, 16 Dec 88 18:29:44 EST
To: bugs@ATHENA.MIT.EDU
Reply-To: Richard Basch <probe@ATHENA.MIT.EDU>
/etc/xterm seems to be setting the owner of the user's tty to be his
primary gid. Another problem with the protection modes of the tty is
that the tty is setup as world write-able. Both of these present a
problem as it makes it very easy to be hacked (speaking from
experience).
Fix: the owning group of the tty should be group "tty". The reason for
this is that "write" and "talk" are setgid tty and the protection modes
for the tty should be:
640, owner=user, group=tty
-Richard
