
[linux-security] Re: RedHat 6.0, /dev/pts permissions bug when using xterm (fwd)



On Mon, 7 Jun 1999, Torbjorn Kristoffersen wrote:

| On Mon, 7 Jun 1999 alex yuriev com wrote:
| 
| > 
| > The problem lies in the way that the permissions are set for local
| > connections with the X server using xterm.
| > if you do an ls -l /dev/pts/<the xterm's tty> (we will use pts/0)
| > You get:
| > crw--w--w-   1 ov3r     ov3r     136,   0 Jun  6 12:32 /dev/pts/0
| > 
| > Notice how now "everyone" has write access to this terminal?
| > This leads to the hole that any local user can disrupt any xterminal
| > connected to the local machine.  Simply typing "cat /dev/urandom >
| 
| I've also got RedHat 6.0, but the `bug' never occurs. When a
| local X user uses an XTerm, his terminal device's name is
| as expected /dev/pts/<..>.
| However, the permissions of the device are crw--w----. Everyone hasn't
| write access to the tty. So I don't think this bug can be in all RH6.0
| distributions.

When I upgraded to 6.0, it changed my fstab to add the line for /dev/pts
with the parameter 'mode=0622', and this seemed to be the root of the
problem.  I changed it to 'mode=0620', and also added a 'gid=5' (the GID
of the tty group), and it behaves how I want it, with tty group write.
(Without the gid, on my system, it ended up being the users group, which
might as well be world-write)

                      Kevin Kane <frnkzk Glue umd edu>

[mod: Ok, that's it for this problem guys, we now know the problem and 
the fix. -- REW]
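
The fstab check described in the reply above, as an added example that is not part of the original thread: a shell function that flags devpts entries whose mode= grants world write, or grants group write without a gid=. The function names and the sample fstab lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit devpts lines in fstab.
# Reads an fstab-format file ($1) or stdin; prints findings; returns 1 if any.
check_devpts_fstab() {
    awk '
    $1 ~ /^#/ || NF < 4 { next }            # skip comments and short lines
    $3 == "devpts" {
        mode = ""; gid = ""
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            if (opt[i] ~ /^mode=/) mode = substr(opt[i], 6)
            if (opt[i] ~ /^gid=/)  gid  = substr(opt[i], 5)
        }
        # Last octal digit is "other", the one before it is "group";
        # the value 2 within a digit is the write bit.
        other = substr(mode, length(mode), 1) + 0
        group = substr(mode, length(mode) - 1, 1) + 0
        if (other % 4 >= 2) {
            print "line " NR ": mode=" mode " grants world write"; bad = 1
        }
        if (group % 4 >= 2 && gid == "") {
            print "line " NR ": mode=" mode " grants group write but no gid= is set"; bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "${1:--}"
}

# Constructed sample: the entry the post describes after the upgrade,
# the same entry with only the mode changed, and the corrected entry.
sample_fstab() {
    cat <<'EOF'
# constructed fstab lines for illustration
none  /proc     proc    defaults         0 0
none  /dev/pts  devpts  mode=0622        0 0
none  /dev/pts  devpts  mode=0620        0 0
none  /dev/pts  devpts  mode=0620,gid=5  0 0
EOF
}

# Demonstration run on the constructed sample (findings are expected here).
sample_fstab | check_devpts_fstab || true
```

To audit a real system, pass the file path instead: check_devpts_fstab /etc/fstab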


