On 2024-12-13 11:31:24 +0100, Chris Hofstaedtler wrote:
> * Jakub Wilk <jw...@jwilk.net> [241211 19:09]:
> > * Chris Hofstaedtler <z...@debian.org>, 2024-11-14 20:57:
> > > As far as I can tell, the default for /dev/tty* is mode 0620, and the
> > > group owner being tty. No users should be part of that group.
> >
> > There's at least nwall, which is setgid tty:
> >
> > $ ls -l /usr/bin/nwall
> > -r-xr-sr-x 1 root tty 17988 Nov 14 21:30 /usr/bin/nwall
>
> I don't quite understand why nwall is relevant here. It is a program
> that is installed by root. It still does not make a random user be
> part of the tty group.

But since it is setgid tty, users who have "w" for the group on the
tty device will be allowed to receive messages from any other user,
won't they? And the write permission for the group was controlled
by the mesg command.

> > > So no, you don't need to remove the +w part from the tty group.
> >
> > Yes, you do.
>
> systemd could probably change its compiled-in 0620 setting to 0600.
> CCing systemd@ for that.

This means that users will not be able to receive messages from
non-root users with nwall.

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
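
The permission argument in this thread, modelled as an added example that is not part of the original messages: a simplified Unix owner/group/other check applied to a tty device at mode 0620 and at 0600. The names `Proc`, `may_write` and `scenario`, the uids, and gid 5 for group tty are assumptions made for illustration, and root is assumed to bypass the permission bits.

```python
import stat
from dataclasses import dataclass

TTY_GID = 5  # assumed gid of group "tty"; check /etc/group on a real system


@dataclass(frozen=True)
class Proc:
    euid: int
    egid: int
    groups: frozenset = frozenset()  # supplementary groups


def may_write(proc, owner_uid, owner_gid, mode):
    """Simplified DAC check for opening a device node for writing."""
    if proc.euid == 0:                  # assumption: root holds CAP_DAC_OVERRIDE
        return True
    if proc.euid == owner_uid:          # owner class: only the user bits apply
        return bool(mode & stat.S_IWUSR)
    if proc.egid == owner_gid or owner_gid in proc.groups:
        return bool(mode & stat.S_IWGRP)  # group class: only the group bits apply
    return bool(mode & stat.S_IWOTH)      # everyone else


# Constructed scenario: alice (uid 1000) owns her login tty, group tty.
# bob (uid 1001) is not a member of group tty.
ALICE, BOB = 1000, 1001
bob_shell = Proc(euid=BOB, egid=BOB)             # bob writing to the tty directly
bob_via_setgid = Proc(euid=BOB, egid=TTY_GID)    # bob running a setgid-tty program
root_via_setgid = Proc(euid=0, egid=TTY_GID)     # root running the same program


def scenario(mode):
    """Who can write to alice's tty when it has the given mode?"""
    return {
        "bob directly": may_write(bob_shell, ALICE, TTY_GID, mode),
        "bob via setgid-tty program": may_write(bob_via_setgid, ALICE, TTY_GID, mode),
        "root via setgid-tty program": may_write(root_via_setgid, ALICE, TTY_GID, mode),
    }


if __name__ == "__main__":
    for mode in (0o620, 0o600):
        print(oct(mode), scenario(mode))
```

Clearing the group write bit is also what `mesg n` does for a single terminal, so a compiled-in 0600 amounts to starting every session in that state.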