BSD tty security, part 3: How to Fix It
Martin Weitzel
martin at mwtech.UUCP
Sun May 5 05:06:09 AEST 1991
In article <128049 at tyrell.stgt.sub.org> rodney at tyrell.stgt.sub.org (Rodney Volz) writes:
>In article <*WC_6A$@warwick.ac.uk> cudcv at warwick.ac.uk (Rob McMahon) writes:
>>
>> [ problems concerning write(1) ]
>Sorry for interfering, but I really don't see the point in discussing
>"write". Write does not have any S-Bit, so if you e.g. choose to make
>write reject messages > 20 lines, I'll just compile my own write.
In fact many UNIX systems are this stupid, i.e. they make tty-devices
world-writable (if the user specifies "msg y"), but that isn't the way
it *must* be for all time (and in all UNIX versions). A more secure scheme
is sometimes applied where "write" has in fact the SGID-bit set and belongs
to a special group. The tty-devices belong to the same group and mesg y/n
sets group write permission, whereas world write permission is always
denied.
>Well, I don't even have to compile it...
>$ cat > /dev/console << 'eof'
>foo...
>eof
>$
And this won't of course work anymore when the system works as described
above.
--
Martin Weitzel, email: martin at mwtech.UUCP, voice: 49-(0)6151-6 56 83
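
An added example, not part of the original post: a Python check of the scheme described above (write is SGID to a special group, tty devices belong to that group, mesg toggles only group write, world write is always denied). The paths /usr/bin/write and /dev/pts/[0-9]* are assumptions and vary between systems.

```python
import glob
import os
import stat

def tty_findings(tty_mode, tty_gid, write_mode, write_gid):
    """Return deviations from the SGID-write scheme for one tty device."""
    findings = []
    # World write must always be denied, whatever mesg is set to.
    if tty_mode & stat.S_IWOTH:
        findings.append("tty is world-writable")
    # write must reach the tty through its group, so it needs the SGID bit
    # and the tty must belong to that same group.
    if not write_mode & stat.S_ISGID:
        findings.append("write is not setgid")
    elif tty_gid != write_gid:
        findings.append("tty group differs from write's group")
    return findings

def messages_enabled(tty_mode):
    """Under the scheme, mesg y/n is expressed by the group write bit alone."""
    return bool(tty_mode & stat.S_IWGRP)

def audit(write_path="/usr/bin/write", pattern="/dev/pts/[0-9]*"):
    """Check every character device matching pattern (both paths assumed)."""
    w = os.stat(write_path)
    report = {}
    for dev in sorted(glob.glob(pattern)):
        st = os.stat(dev)
        if stat.S_ISCHR(st.st_mode):
            report[dev] = tty_findings(st.st_mode, st.st_gid,
                                       w.st_mode, w.st_gid)
    return report

if __name__ == "__main__":
    if os.path.exists("/usr/bin/write"):
        for dev, findings in audit().items():
            state = "mesg y" if messages_enabled(os.stat(dev).st_mode) else "mesg n"
            print(dev, state, "; ".join(findings) or "ok")
    else:
        # Constructed sample: char device mode 0622, write binary 0755 (no SGID).
        print(tty_findings(0o020622, 5, 0o100755, 0))
```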