[Bug 2872] wall command shows error when logged in through non-root user.

bugzilla-daemon at bugzilla.mindrot.org
Tue Aug 7 19:57:39 AEST 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2872

--- Comment #9 from Darren Tucker <dtucker at dtucker.net> ---
I have two concerns:

 - I don't see how your change fixes it in the general case.  Given the
wall binary was not set[ug]id, how was your test user able to write to
a mode 620 $user:$group pty?  Given /dev/pts/3 in your example has
user:group mayank:staff I suspect both sender and recipients were
members of "staff".

 - I don't see anything that sshd can currently do on AIX that does not
reintroduce the unsafe behaviour we're trying to prevent.  Rereading
the discussion around CVE-2015-6565 (and in particular
http://openwall.com/lists/oss-security/2017/01/31/13) it looks like
that specific attack was a race in the Linux kernel, but my concern is
that there are similar attacks on other platforms.

Is it feasible to add a "tty" group and make /usr/bin/wall setgid tty?
