Date: Wed, 14 May 1997 13:04:07 -0700 From: John-Mark Gurney <jmg@hydrogen.nike.efn.org> To: bofh@terranova.net Cc: Jonathan Mini <j_mini@efn.org>, security@FreeBSD.ORG Subject: Re: /usr/sbin/wall is suid root. Message-ID: <19970514130407.00511@hydrogen.nike.efn.org> In-Reply-To: <3379FE38.4F0@TerraNova.net>; from Travis Mikalson on Wed, May 14, 1997 at 02:02:32PM -0400 References: <Pine.SUN.3.95.970513145202.9656A-100000@garcia.efn.org> <3379FE38.4F0@TerraNova.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Travis Mikalson scribbled this message on May 14: > Jonathan Mini wrote: > > > > Personally, I think that being able to transmit an abatrary string of > > characters to every user's console on the system is a bit of a security > > hole. ANSI keyboard reassignments come to mind. > > On my system, running 2.2-STABLE, /usr/bin/wall is setgid tty.. > -r-xr-sr-x 1 bin tty 12288 Apr 16 06:05 /usr/bin/wall > > What version are you running where wall is in /usr/sbin and is setuid > root? well.. I think Mini didn't check close enough... but stil... having it sgid tty can have adverse side effects... like allowing people to write to everyone... (REALLY anoying when you have around 8-15 logins.. :) ) I think we shouldn't install it sgid... is ther any good reason to have it sgid?? -- John-Mark Cu Networking Modem/FAX: +1 541 683 6954 Live in Peace, destroy Micro$oft, support free software, run FreeBSD
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970514130407.00511>