Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!snorkelwacker.mit.edu!bloom-beacon!dont-send-mail-to-path-lines
From: mouse@lightning.mcrcim.mcgill.EDU (der Mouse)
Newsgroups: comp.windows.x
Subject: Re: Xterm cannot write log files
Message-ID: <9105021525.AA19153@lightning.McRCIM.McGill.EDU>
Date: 2 May 91 15:25:56 GMT
Sender: daemon@athena.mit.edu (Mr Background)
Organization: The Internet
Lines: 45

>> So I'd conclude that, unless I've missed something subtle,
>> setuid-root isn't necessary for xterm, and setgid-system suffices,
>> if all the appropriate files are in the system group and are group
>> writable.

I think you're mostly right, though tty ownerships still won't get set
properly.

> Doesn't the -C option, which redirects console output to the xterm
> window, use an ioctl that requires root access?

(I am assuming the systems in question are Suns.)

TIOCCONS, it is.  No, anyone can use it.  This is somewhat dangerous,
as it allows anyone to steal the console from whoever (if anyone) is
using it - even when there's no bitmap screen.  I understand there is a
fix that disallows TIOCCONS if the caller can't already read from the
console, which seems reasonable.  I would also like to have a variable
somewhere in the kernel, patchable with adb for example, that would
disallow TIOCCONS entirely.

> Also, does xterm need to chown() the tty device special file to the
> user?

Yes, and for this xterm needs setuid-root, though a proper rework of
the pty stuff would cure it.

> Or does the tty driver do this automatically when the process opens
> it?

It pretty much can't; ownership is an attribute of the special device
file, not of the device itself.  The driver has no access to the
pathname with which the process opened the file.  In the case of
pseudo-ttys, it might be workable to assume

	sprintf(...,"/dev/tty%c%x",'p'+(ptyno/16),ptyno%16)

but that seems like a dreadful kludge to me.  I would much rather build
a proper pty mechanism.  (Just what that would be, I'm not sure.  I
haven't thought about it much.)

					der Mouse

			old: mcgill-vision!mouse
			new: mouse@larry.mcrcim.mcgill.edu