* Thomas Hood: > Hello, security experts. > > In #349578 it is claimed that the mesg program should not warn if a tty > device node fails to belong to group "tty". > > What are the security implications of a tty device node failing to belong > to group "tty"?
"mesg y" does not have the desired effect because write programs which are SGID tty (such as /usr/bin/bsd-write) cannot write to the TTY even if the permissions are relaxed to 620. In other words, the warning makes perfect sense. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
