Bug#59439: [Pkg-shadow-devel] Bug#59439: login.defs: Should we document why default TTYPERM is 0600?

Martin Quinson Martin Quinson <martin.quinson@loria.fr>, 59439@bugs.debian.org
Thu, 12 May 2005 20:12:16 +0200


--3V7upXqbjpZ4EhLz
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, May 12, 2005 at 06:34:35PM +0200, Christian Perrier wrote:
>=20
> Ben Collins answer to #59439 seems to make sense to me. I tested all
> this and, with the default setting of TTYPERM 0600 we have in Debian,
> users cannot use write to another user unless that user issues "dmesg
> y" in his/her terminal.
>=20
> This is a secure default which shouldn't probably be changed.
>=20
> So, the only concernis maybe adding some more comments to
> /etc/login.defs:

A small reformulation, maybe.

> # In Debian /usr/bin/bsd-write or similar programs are setgid tty
> # However, the default and recommended value for TTYPERM is still 0600
> # to not allow anyone to write to anyone else console or terminal

> # Users can overwrite this setting by using the "dmesg y" command

Users can still allow other people to write them by issuing the "dmesg y"
command.

Thanks, Mt.

--3V7upXqbjpZ4EhLz
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCg5x/IiC/MeFF8zQRAk6BAJ0aaavZGQuZWy2nP1gH4rbExBuhYQCfXeaT
tpnyDNMe+c7d0tRhrcN+3Hs=
=eC6K
-----END PGP SIGNATURE-----

--3V7upXqbjpZ4EhLz--