> >Ok, for TIOCSTI, there are effectively three choices here.
> >
> >  1. maintain the current behaviour, which appears to require
> >     PRIV_ALL
> >  2. modify the behaviour to allow the device owner to use TIOCSTI,
> >     when the sessions match.
> >  3. modify the behaviour to allow the device owner to use TIOCSTI
> >     regardless of session.
> >
> >Casper appears to believe that 1 is the only sane answer. Nico appears
> >to believe that 2 is a reasonable answer. I suspect that 3 is off the
> >table.
>
> The current implementation is:
>     if the ioctl flag is FREAD (read-only), then require all or EPERM
>     else
>         if (the session is the same as the current session)
>         then ok
>         else
>             require all or EACCES
>
> So I'd say that the current behaviour is choice #2.
>
> But I think that's not what you actually want.

If the return is EPERM, then pconsole has a bug that should just be fixed. If it is EACCES, then the question is why is it going after a tty not in its session? If pconsole's reason for existence is to violate the TIOCSTI, then either 3 or a Rights Profile is the way forward.

BTW, has the question of policy on other systems that implement TIOCSTI been answered?

Gary..
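The check quoted above, modelled in C as an added example (not part of the original message and not the kernel's own source); the struct, field and function names are assumptions. Enumerating every input shows that each errno comes from exactly one denying branch, which is why the EPERM/EACCES distinction in the reply identifies what pconsole is doing.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of one TIOCSTI call; field names are assumptions. */
struct sti_call {
    bool open_for_write; /* false: descriptor carries FREAD only */
    bool same_session;   /* tty's session is the caller's session */
    bool all_privs;      /* caller holds all privileges ("require all") */
};

/* The check as written in the quoted pseudocode: 0 on success, else errno. */
int sti_check(const struct sti_call *c)
{
    if (!c->open_for_write)
        return c->all_privs ? 0 : EPERM;
    if (c->same_session)
        return 0;
    return c->all_privs ? 0 : EACCES;
}

/* Map a result back to the branch of the check that produced it. */
const char *sti_explain(int err)
{
    switch (err) {
    case 0:      return "allowed";
    case EPERM:  return "read-only descriptor, caller lacks all privileges";
    case EACCES: return "tty in another session, caller lacks all privileges";
    default:     return "not produced by this check";
    }
}

/* Count how many of the 8 input combinations yield the given result. */
int sti_count(int err)
{
    int n = 0;
    for (int i = 0; i < 8; i++) {
        struct sti_call c = { i & 1, i & 2, i & 4 };
        if (sti_check(&c) == err)
            n++;
    }
    return n;
}

int main(void)
{
    printf("EPERM:  %d case(s): %s\n", sti_count(EPERM), sti_explain(EPERM));
    printf("EACCES: %d case(s): %s\n", sti_count(EACCES), sti_explain(EACCES));
    return 0;
}
```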