[1789] in Athena Bugs
6.1A: /usr/bin/mesg
daemon@ATHENA.MIT.EDU (probe@ATHENA.MIT.EDU)
Thu Feb 16 01:37:12 1989
From: <probe@ATHENA.MIT.EDU>
Date: Thu, 16 Feb 89 01:36:48 EST
To: vs-testers@ATHENA.MIT.EDU, rt-testers@ATHENA.MIT.EDU
Cc: bugs@ATHENA.MIT.EDU
Reply-To: Richard Basch <probe@ATHENA.MIT.EDU>
I filed this bug report a long time ago, but since it still applies to
this release, I will re-file it.
/usr/bin/mesg does not clear the world-writable bit on the tty. If the
tty is "world-writable", mesg n only clears the group-writable bit.
The fix is fairly simple: just change the "020"'s in the source to "022"'s.
The other problem is that the tty protections are not being set
correctly to begin with. Here is a listing of one of my ttys:
crw--w--w- 1 probe mit 6, 4 Feb 16 01:32 /dev/ttyp4
I suspect the problem is in /etc/xterm (my version of /etc/xterm is
setuid root, even though this is a problem on the packs). Notice that
it was set to be owned by my default group as opposed to being owned by
group "tty" and also notice that it is world-writable. The BSD 4.3
standard is to have it only be group-writable and owned by group "tty".
This way, some terminals such as true H19's aren't in danger of being
sent escape sequences that could force characters into the queue or be
subject to other such malevolent actions.
-Richard
