On Wed, 27 Aug 2014, Corinna Vinschen wrote:
> Hi,
>
>
> while looking into Cygwin's tty code, I stumbled over this problem:
>
> Every time you log in to Cygwin via sshd, the pty's permissions are
> set like this:
>
> $ ls -l `tty`
> crw--w--w- 1 user group 136, 2 Aug 27 13:06 /dev/pty2
>
> Since Cygwin sets the permissions more tight to begin with, I was
> wondering why the permissions are this open. Turns out, sshd sets
> them like this:
>
> /* Determine the group to make the owner of the tty. */
> grp = getgrnam("tty");
> if (grp) {
> gid = grp->gr_gid;
> mode = S_IRUSR | S_IWUSR | S_IWGRP;
> } else {
> gid = pw->pw_gid;
> mode = S_IRUSR | S_IWUSR | S_IWGRP | S_IWOTH;
> }
>
> On Windows no group called "tty" exists, so sshd always sets the
> permissions to 0622 on Cygwin.
>
> My question is, isn't that a security problem? Shouldn't the
> permissions set to 0600 if a "tty" group doesn't exist, otherwise
> everyone can write to the user's tty? What am I missing?
I think the intention was to allow tools like wall(1) and write(1)
to function on systems without a "tty" group, but IMO it's better
to let the admin decide that.
-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
