Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!ames!ncar!tank!mimsy!chris
From: chris@mimsy.UUCP (Chris Torek)
Newsgroups: comp.unix.questions
Subject: tty security (was Re: .plan)
Message-ID: <19441@mimsy.UUCP>
Date: 7 Sep 89 01:20:36 GMT
References: <61@towernet.UUCP> <1989Aug23.192105.21328@ee.rochester.edu> <2411@wyse.wyse.com>
Organization: U of Maryland, Dept. of Computer Science, Coll. Pk., MD 20742
Lines: 14

In article <2411@wyse.wyse.com> bob@wyse.wyse.com (Bob McGowen Wyse Technology
Training) writes:
>Binding a function key may not require the user(owner)'s ID or permissions.
>When a user logs in the device they are on is set to rw--w--w-, ...

Speak for yourself (or rather, your own Unix).  We have been setting it
to `rw--w---- <owner> tty' for some time now.

(I let this go by several times earlier, hoping someone else would point
out that `permission to send messages' is not the same as `permission to
send arbitrary text' in 4.3BSD-tahoe.)
-- 
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain:	chris@mimsy.umd.edu	Path:	uunet!mimsy!chris