Bugtraq mailing list archives

Re: SunOS's xterm pb : again !


From: casper () fwi uva nl (Casper Dik)
Date: Tue, 13 Dec 1994 17:40:32 +0100


The pb is : Under SunOS, the terminal devices (/dev/ttyp?) are
owned by root, with rights rw-rw-rw-. When you log on the machine,
the login process changes the owner of the terminal, so the tty
belongs to you, with minimum access rights. BUT when using an xterm,
you don't have the permissions to change the owner and access rights
of the newly allocated tty. So the device stays owned by root,
WORLD READABLE and WORLD WRITEABLE !!!
I think this introduces a major security hole...
     yes, 666 is not the best mode for tty.. :)

I've turned this in to Sun as a Security problem, as well as a bug. So
far the only response I've gotten from Sun is that this problem was
opened a while back, but closed as not a bug. Well, I don't see that
happening this time since I have way too many SunOS 4.x machines running
around. Of course it's 'fixed in the current release of the OS', unless
you count SunOS 4.1.4 as current.


Note that if Sun is to fix this problem, cmdtool and shelltool would
be higher on the list of applications with the same problem.
(Not to mention script and some other programs).

Use R5 xterm, you have to install R5 anyway to get a decent X server under
SunOS 4.1.x.  

The System V way of allocating ptys is really superior.

Casper
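
Added example, not part of the original post: a small C check for the condition described in this message, flagging a terminal device that is not owned by the session user or is readable or writable by everyone. The function names and flag constants are hypothetical, chosen for this illustration.

```c
/* Added example: audit tty/pty devices for root-owned, mode-666 leftovers. */
#define _XOPEN_SOURCE 600
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

#define TTY_NOT_CHARDEV 0x01 /* path is not a character device */
#define TTY_WRONG_OWNER 0x02 /* not owned by the session user */
#define TTY_WORLD_READ  0x04 /* anyone can read the terminal */
#define TTY_WORLD_WRITE 0x08 /* anyone can write to the terminal */

/* Classify a device's mode and owner against the expected session user. */
int tty_findings(mode_t mode, uid_t owner, uid_t session_uid)
{
    int f = 0;
    if (!S_ISCHR(mode))       f |= TTY_NOT_CHARDEV;
    if (owner != session_uid) f |= TTY_WRONG_OWNER;
    if (mode & S_IROTH)       f |= TTY_WORLD_READ;
    if (mode & S_IWOTH)       f |= TTY_WORLD_WRITE;
    return f;
}

/* stat() a path and classify it; returns -1 if it cannot be examined. */
int audit_tty(const char *path, uid_t session_uid)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return tty_findings(st.st_mode, st.st_uid, session_uid);
}

/* Usage: ./ttyaudit "$(tty)" [more devices...]; exit status 1 on any finding. */
int main(int argc, char **argv)
{
    int bad = 0;
    for (int i = 1; i < argc; i++) {
        int f = audit_tty(argv[i], getuid());
        if (f < 0) { perror(argv[i]); bad = 1; continue; }
        if (f) bad = 1;
        printf("%s:%s%s%s%s%s\n", argv[i],
               f & TTY_NOT_CHARDEV ? " not-a-char-device" : "",
               f & TTY_WRONG_OWNER ? " wrong-owner" : "",
               f & TTY_WORLD_READ  ? " world-readable" : "",
               f & TTY_WORLD_WRITE ? " world-writable" : "",
               f ? "" : " ok");
    }
    return bad;
}
```

Group write permission is deliberately not flagged, since a tty set up by login is commonly group-writable for a dedicated tty group.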


