Control: tags -1 + wontfix * Vincent Lefevre <vinc...@vinc17.net> [241114 12:36]: > In /usr/share/doc/util-linux/NEWS.Debian.gz: > > util-linux (2.40.2-11) unstable; urgency=medium > > * The mesg(1) and write(1) programs are no longer provided. > It is believed chatting between users is nowadays done using more > secure facilities. > > -- Chris Hofstaedtler <z...@debian.org> Wed, 13 Nov 2024 12:58:06 +0100 > > There are two issues: > > 1. mesg(1) was used to control where other users could display messages > in terminals. While write(1) has been removed, there may be other ways > to write to a terminal: one just needs to write to the terminal device. > If the default is not secure (and it seems that it isn't, because > "mesg n" was removing the write permission for the group), this is > potentially bad.
As far as I can tell, the default for /dev/tty* is mode 0620, and the group owner being tty. No users should be part of that group. So no, you don't need to remove the +w part from the tty group. > 2. wall(1) has not been removed. It seems that it was no longer working, > and still isn't. The latest changelog about "wall" says: > > * No longer install wall, write setgid tty > > on 27 Mar 2024, but this is not true. It is still installed, and so is > its man page, which still references mesg(1) and write(1), though they > are no longer installed. If you read this carefully, it says *setgid*. This is true. It doesn't say anything about not installing wall at all. wall is intentionally left there, and can be used by root. Close
