Source: util-linux
Version: 1:2.40.2-11
Severity: important
In /usr/share/doc/util-linux/NEWS.Debian.gz:
util-linux (2.40.2-11) unstable; urgency=medium
* The mesg(1) and write(1) programs are no longer provided.
It is believed chatting between users is nowadays done using more
secure facilities.
-- Chris Hofstaedtler <z...@debian.org> Wed, 13 Nov 2024 12:58:06 +0100
There are two issues:
1. mesg(1) was used to control where other users could display messages
in terminals. While write(1) has been removed, there may be other ways
to write to a terminal: one just needs to write to the terminal device.
If the default is not secure (and it seems that it isn't, because
"mesg n" was removing the write permission for the group), this is
potentially bad.
2. wall(1) has not been removed. It seems that it was no longer working,
and still isn't. The latest changelog about "wall" says:
* No longer install wall, write setgid tty
on 27 Mar 2024, but this is not true. It is still installed, and so is
its man page, which still references mesg(1) and write(1), though they
are no longer installed.
-- System Information:
Debian Release: trixie/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500,
'stable-security'), (500, 'stable-debug'), (500, 'proposed-updates-debug'),
(500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 6.7.12-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
-- no debconf information
--
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
