[Bug 2872] wall command shows error when logged in through non-root user.
bugzilla-daemon at bugzilla.mindrot.org
Tue Aug 7 19:57:39 AEST 2018
https://bugzilla.mindrot.org/show_bug.cgi?id=2872
--- Comment #9 from Darren Tucker <dtucker at dtucker.net> ---
I have two concerns:
- I don't see how your change fixes it in the general case. Given the
wall binary was not set[ug]id, how was your test user able to write to
a mode 620 $user:$group pty? Given /dev/pts/3 in your example has
user:group mayank:staff I suspect both sender and recipients were
members of "staff".
- I don't see anything that sshd can currently do on AIX that does not
reintroduce the unsafe behaviour we're trying to prevent. Rereading
the discussion around CVE-2015-6565 (and in particular
http://openwall.com/lists/oss-security/2017/01/31/13) it looks like
that specific attack was a race in the Linux kernel, but my concern is
that there are similar attacks on other platforms.
Is it feasible to add a "tty" group and make /usr/bin/wall setgid tty?