Bugtraq mailing list archives

Re: SunOS's xterm pb : again !


From: pug () arlut utexas edu (Pug)
Date: Tue, 13 Dec 1994 07:15:04 -0600 (CST)


> The pb is : Under SunOS, the terminal devices (/dev/ttyp?) are
> owned by root, with rights rw-rw-rw-. When you log on the machine,
> the login process changes the owner of the terminal, so the tty
> belongs to you, with minimum access rights. BUT when using an xterm,
> you don't have the permissions to change the owner and access rights
> of the newly allocated tty. So the device stays owned by root,
> WORLD READABLE and WORLD WRITEABLE !!!
> I think this introduces a major security hole...
>       yes, 666 is not the best mode for tty.. :)

I've turned this in to Sun as a Security problem, as well as a bug. So
far the only response I've gotten from Sun is that this problem was
opened a while back, but closed as not a bug. Well, I don't see that
happening this time since I have way too many SunOS 4.x machines running
around. Of course it's 'fixed in the current release of the OS', unless
you count SunOS 4.1.4 as current.

Ciao,

-- 
Richard Bainter          Mundanely     |    System Analyst        - OMG/CSD
Pug                      Generally     |    Applied Research Labs - U.Texas
 pug () arlut utexas edu  |  pug () bga com  |  pug () eden com  |  {any user}@pug.net
Note: The views may not reflect my employers, or even my own for that matter.
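
An added example, not part of the original message or of any vendor tooling: a small audit that flags terminal device nodes left in the state the thread describes (mode 666, still owned by root). The device globs and the function names `audit_mode` and `audit_ttys` are assumptions made for this illustration.

```python
import glob
import os
import stat

# Assumed device globs: BSD-style pty slaves (as in the post) and Unix98 ptys.
DEFAULT_PATTERNS = ("/dev/ttyp*", "/dev/pts/*")


def audit_mode(mode, uid):
    """Return findings for one tty, given its st_mode and st_uid."""
    if not stat.S_ISCHR(mode):
        return []  # not a character device node, nothing to report
    findings = []
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    # Root ownership plus open "other" bits is the state the post describes:
    # nobody changed owner or mode on the slave after it was allocated.
    if findings and uid == 0:
        findings.append("owned by root")
    return findings


def audit_ttys(patterns=DEFAULT_PATTERNS):
    """Map each flagged tty path to its list of findings."""
    report = {}
    for pattern in patterns:
        for path in sorted(glob.glob(pattern)):
            if os.path.basename(path) == "ptmx":
                continue  # pty multiplexer, not a session terminal
            try:
                st = os.stat(path)
            except OSError:
                continue  # device vanished or is not accessible
            findings = audit_mode(st.st_mode, st.st_uid)
            if findings:
                report[path] = findings
    return report


if __name__ == "__main__":
    for path, findings in audit_ttys().items():
        print(f"{path}: {', '.join(findings)}")
```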
