-- http://www.xray.mpe.mpg.de/mailing-lists/tru64-unix-managers/1999-07/msg00255.html -- I only intended to show that o+w permissions on /dev/ttys could cause problems. I.e.: victim's terminal /dev/ttyp1 has 622 perms. (u+rw,g+w,o+w) someone executes the following command: echo `perl -e 'print "A"x1000'` > /dev/ttyp1 ( or endless loop ;-) ) or tput reset > /dev/ttyp1 If perms are 620 (o-w) it won't be possible to mess up victim's terminal. IMHO. "mesg y" should only change group permissions (crw--w----) and nothing more. "write", "wall" and "talk" don't need o+w perms. I received the following answers: --- From: Pirie Hart <pirie_at_u.washington.edu> (the first mail) An explicit "mesg y" command grants ALL users the ability to send a message with the write and talk commands (hence permission of crw--w--w-). "mesg n" turns off access so only the user him/herself can send write/talk (displayed as crw-------). The initial setting of mesg grants access to the user and group, but not to all other users (crw--w----). The only "bug" is that there is no option to restore the default setting once it is changed with "mesg y" or "mesg n". --- From: Pirie Hart <pirie_at_u.washington.edu> (the second one) As documented in the manual, mesg yes "permits other users to send messages to your terminal." This means ALL other users, not just user and group. The "who -T" command displays a "+" if the terminal is "writable by anyone" or "-" if "writable only by the superuser or the terminal's owner". I understand (and concur with, by the way) your concern about granting access of other users to your terminal. However, the situation is not a "bug". It works exactly as documented in the manual. If you are so inclined, you could write a script to remove others' write permission: # mesg y ; chmod o-w /dev/`who -m | awk '{print $2}'` --- From: John P Speno <speno_at_isc.upenn.edu> Well, it isn't fixed in patch kit #3, but it is fixed in 4.0f and 5.0. --- Thanks and best regards, -- PBReceived on Mon Jul 19 1999 - 11:21:12 NZST
This archive was generated by hypermail 2.4.0 : Wed Nov 08 2023 - 11:53:39 NZDT