From owner-freebsd-questions Mon May 19 21:55:31 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id VAA11844 for questions-outgoing; Mon, 19 May 1997 21:55:31 -0700 (PDT) Received: from xmission.xmission.com (softweyr@xmission.xmission.com [198.60.22.2]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id VAA11837 for ; Mon, 19 May 1997 21:55:27 -0700 (PDT) Received: (from softweyr@localhost) by xmission.xmission.com (8.8.5/8.7.5) id WAA01154; Mon, 19 May 1997 22:55:21 -0600 (MDT) From: Wes Peters - Softweyr LLC Message-Id: <199705200455.WAA01154@xmission.xmission.com> Subject: Re: /usr/sbin/wall is suid root. To: gurney_j@resnet.uoregon.edu Date: Mon, 19 May 1997 22:55:20 -0600 (MDT) Cc: questions@freebsd.org In-Reply-To: <19970514130407.00511@hydrogen.nike.efn.org> from "John-Mark Gurney" at May 14, 97 01:04:07 pm X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-questions@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Jonathan Mini wrote: % Personally, I think that being able to transmit an abatrary string of % characters to every user's console on the system is a bit of a security % hole. ANSI keyboard reassignments come to mind. But it doesn't allow you to write on everyone's terminal, just those who have set 'mesg y'. See wall(1). (Unless you're root, in which case you can do *anything*. ;^) > well.. I think Mini didn't check close enough... but stil... having it > sgid tty can have adverse side effects... like allowing people to write > to everyone... (REALLY anoying when you have around 8-15 logins.. :) ) Again, RTFM: wall(1). -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC http://www.xmission.com/~softweyr softweyr@xmission.com