From owner-freebsd-security  Wed May 14 13:34:44 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id NAA02869
          for security-outgoing; Wed, 14 May 1997 13:34:44 -0700 (PDT)
Received: from vespucci.iquest.com (root@vespucci.iquest.com [199.170.120.42])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id NAA02863
          for <security@FreeBSD.ORG>; Wed, 14 May 1997 13:34:41 -0700 (PDT)
Received: from localhost (b@localhost) by vespucci.iquest.com (8.8.5/8.8.5) with SMTP id PAA19827; Wed, 14 May 1997 15:34:17 -0500 (CDT)
Date: Wed, 14 May 1997 15:34:17 -0500 (CDT)
From: b <b@iquest.com>
To: John-Mark Gurney <gurney_j@resnet.uoregon.edu>
cc: security@FreeBSD.ORG
Subject: Re: /usr/sbin/wall is suid root.
In-Reply-To: <19970514130407.00511@hydrogen.nike.efn.org>
Message-ID: <Pine.BSI.3.93.970514153304.19484A-100000@vespucci.iquest.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 14 May 1997, John-Mark Gurney wrote:

> well.. I think Mini didn't check close enough...  but stil... having it
> sgid tty can have adverse side effects... like allowing people to write
> to everyone... (REALLY anoying when you have around 8-15 logins.. :) )

Isn't that the expected behavior of wall?  If you don't want users
broadcasting messages, then remove the execute bit.

b