Date: Wed, 14 May 1997 16:11:52 -0700 (PDT) From: Jonathan Mini <j_mini@efn.org> To: John-Mark Gurney <gurney_j@resnet.uoregon.edu> Cc: bofh@terranova.net, security@FreeBSD.ORG Subject: Re: /usr/sbin/wall is suid root. Message-ID: <Pine.SUN.3.95.970514161122.9413A-100000@garcia.efn.org> In-Reply-To: <19970514130407.00511@hydrogen.nike.efn.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 14 May 1997, John-Mark Gurney wrote: He is right, I didn't check. However, this was 2.2.1-R. > Travis Mikalson scribbled this message on May 14: > > Jonathan Mini wrote: > > > > > > Personally, I think that being able to transmit an abatrary string of > > > characters to every user's console on the system is a bit of a security > > > hole. ANSI keyboard reassignments come to mind. > > > > On my system, running 2.2-STABLE, /usr/bin/wall is setgid tty.. > > -r-xr-sr-x 1 bin tty 12288 Apr 16 06:05 /usr/bin/wall > > > > What version are you running where wall is in /usr/sbin and is setuid > > root? > > well.. I think Mini didn't check close enough... but stil... having it > sgid tty can have adverse side effects... like allowing people to write > to everyone... (REALLY anoying when you have around 8-15 logins.. :) ) > > I think we shouldn't install it sgid... is ther any good reason to > have it sgid?? > > -- > John-Mark > Cu Networking Modem/FAX: +1 541 683 6954 > > Live in Peace, destroy Micro$oft, support free software, run FreeBSD > Jonathan Mini (j_mini@efn.org) ... Desolation ... Despair ... Plastic Forks ...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SUN.3.95.970514161122.9413A-100000>