On Sun, 29 Jul 2001 itojun@iijlab.net wrote:

# Date: Sun, 29 Jul 2001 17:01:03 +0900
# From: itojun@iijlab.net
# To: Emmanuel Dreyfus <manu@netbsd.org>
# Cc: tech-userlevel@netbsd.org
# Subject: Re: default /dev/tty* mode and ownership
#
# >> >Currently, /dev/tty* are created mode 600 root/wheel. Is there any
# >> >problem creating them mode 620 root/tty? Do we ever chgrp them to
# >> >something else than group tty? And is there any implication of allowing
# >> >group tty to write on a non allocated tty?
# >>       I don't think this reasonable.  this shouldn't be done.
# >
# >What are the drawbacks?
#
# 	I don't want wheel group users (with normal user privilege)
# 	to write to random ptys.  yes, wheel users may be able to become
# 	root, but there are certain protection mechamisms (sudo, su) that
# 	prevents wheel users from doing random bad things.  your change
# 	(600 -> 620) will let people bypass these mechanisms.  now a hijack
# 	of wheel users' normal account is equivalent to the hijack of root
# 	account (in terms of pty write privs).  this is a security drawback.

He said "group tty", not "group wheel".  Near as I can tell, users don't
live in group tty.  Where's the lose?

# itojun


				--*greywolf;
--
NetBSD: it's not free beer, but it's free.