Bugtraq mailing list archives

Re: safe logging xterm


From: jfh () rpp386 cactus org (John F. Haugh II)
Date: Sun, 2 Apr 95 20:19:53 CDT


On Thu, 16 Mar 1995 17:42:07 EST, Robert Banz said:
On Tue, 14 Mar 1995, Adam Shostack wrote:
Yes, it leaves setuid on a program that is way too large.  Xterm tends
to be setuid so it can write to utmp.  That's a bad reason to make a
large program setuid.
Hm.  Why not make utmp group "bob" writable, and make xterm setgid "bob"?

Well.. mostly because the OTHER thing xterm likes to be set-UID for is
so it can chown()/chmod() your pty so you own it so you can do things
like 'mesg n'... ;)

ObSecurityHole: AIX 3.2.5 and 4.1.2 /bin/mesg, /bin/write, and friends
still don't do the set-GID tty thing from BSD 4.2, so if you run 'mesg
y' your terminal is mode 644 and anybody can scribble on it, rather
than the nicer BSD way of setting it to mode 640 and things that were
set-GID tty could scribble on it, after filtering any inappropriate
control characters out, etc...

It ain't news to IBM - I filed a bug report against AIX/370 for this back
in 1990 or so.  *sigh*.

AIX v3 gets its TTY protection scheme from v2 and the /etc/ports file.  In
v3 the data is moved into the ODM and poorly documented.  You can change
the default login permissions to something other than 622 and if you have
the correct support agreement, I believe the nice folks in Austin will even
send you the unobfuscated information.

Please note that there is not universal agreement on BSD 4.2's scheme.  My
SVR4 system doesn't work that way and I want to insist that none of the
pre-SVR4 USG based systems don't either.  This really is a BSD thing.
-- 
John F. Haugh II  [ NRA-ILA ] [ Kill Barney ] !'s: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 251-2151 [GOP][DoF #17][PADI][ENTJ]   @'s: jfh () rpp386 cactus org
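
The distinction the thread draws, between a terminal any user can write to and one reachable only through a set-GID tty program, can be audited from the device's permission bits. The following is an added example, not part of the original message or of any vendor's code; it assumes the group is named `tty`, and the enum and function names are hypothetical.

```c
/* Added example: classify a terminal device by who may write to it. */
#include <grp.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum tty_access { TTY_CLOSED, TTY_GROUP_TTY, TTY_GROUP_OTHER, TTY_WORLD };

/* mode and gid come from stat(); tty_gid is the gid of the group assumed
 * to be named "tty", or (gid_t)-1 when the system has no such group. */
enum tty_access classify_tty(mode_t mode, gid_t gid, gid_t tty_gid)
{
    if (mode & S_IWOTH)
        return TTY_WORLD;        /* every local user can write to it */
    if (mode & S_IWGRP)          /* writable only through a group */
        return (tty_gid != (gid_t)-1 && gid == tty_gid)
                   ? TTY_GROUP_TTY : TTY_GROUP_OTHER;
    return TTY_CLOSED;           /* owner only, as after "mesg n" */
}

static const char *describe(enum tty_access a)
{
    switch (a) {
    case TTY_WORLD:       return "world-writable: any user can write";
    case TTY_GROUP_TTY:   return "group tty only: writers must be set-GID tty";
    case TTY_GROUP_OTHER: return "group-writable, but group is not tty";
    default:              return "closed to other users";
    }
}

/* Audits the paths given as arguments, or the controlling terminal of
 * stdin when none are given. Exit status 2 means a finding. */
int main(int argc, char **argv)
{
    struct group *gr = getgrnam("tty");
    gid_t tty_gid = gr ? gr->gr_gid : (gid_t)-1;
    char *self[] = { argv[0], ttyname(STDIN_FILENO), NULL };
    int rc = 0;
    if (argc < 2 && self[1]) { argv = self; argc = 2; }
    for (int i = 1; i < argc; i++) {
        struct stat st;
        if (stat(argv[i], &st) != 0) { perror(argv[i]); rc = 1; continue; }
        enum tty_access a = classify_tty(st.st_mode, st.st_gid, tty_gid);
        printf("%s: mode %03o: %s\n", argv[i],
               (unsigned)(st.st_mode & 0777), describe(a));
        if (a == TTY_WORLD || a == TTY_GROUP_OTHER) rc = 2;
    }
    return rc;
}
```

Run it against the terminal devices of logged-in users after they enable messages; the check reads only the write bits and group ownership, so it applies whatever default login permissions the system is configured with.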


