Re: group perms on /dev/pts/*

H. Peter Anvin (hpa@transmeta.com)
30 May 1999 02:48:25 GMT

Followup to: <19990528153851.P29147@xs4all.nl>
By author: Thomas Wouters <thomas@xs4all.nl>
In newsgroup: linux.dev.kernel
> > >
> > > Edit your /etc/fstab, change the mode to "640" instead of "620"..ie..
> > >
> > > none /dev/pts devpts gid=5,mode=640 0 0
>
> > Don't do that unless you want people to snoop on you. 620 are the
> > proper perms; if that doesn't work with screen, screen is broken.
>
> But it isn't. I also dont see why it needs group perms on the ttys -- unless
> screen is running setuid tty or some such. Here,
>

It shouldn't, you're right; all I said was that *if* screen doesn't
work with the proper permissions on /dev/pts (as given above), *then*
screen is broken.

I don't use screen, so I don't know if it's broken or not.

gid=5,mode=620 allows programs like write(1) to operate properly.

> > ls -l `which screen`
> -rwxr-xr-x 1 root root 179260 Apr 7 17:29 /usr/bin/screen
>
> > ps auxwww | fgrep screen
> [snip]
> thomas 28538 0.0 0.0 1924 0 pts/8 SW May21 0:00 [screen]
> [snip]
>
> > ls -l /dev/pts/8
> crw--w---- 1 thomas thomas 136, 8 May 28 15:36 /dev/pts/8

The above is incorrect too: you should either change your mode to
mode=600 or add the appropriate gid= option (for group tty).

-hpa

-- 
"The user's computer downloads the ActiveX code and simulates a 'Blue
Screen' crash, a generally benign event most users are familiar with
and that would not necessarily arouse suspicions."
-- Security exploit description on http://www.zks.net/p3/how.asp


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/