> >Ok, for TIOCSTI, there are effectively three choices here.
> >
> >   1. maintain the current behaviour, which appears to require
> >      PRIV_ALL
> >   2. modify the behaviour to allow the device owner to use TIOCSTI,
> >      when the sessions match.
> >   3. modify the behaviour to allow the device owner to use TIOCSTI
> >      regardless of session.
> >
> >Casper appears to believe that 1 is the only sane answer.  Nico appears 
> >to believe that 2 is a reasonable answer.  I suspect that 3 is off the 
> >table.
> 
> The current implementation is:
>       if the ioctl flag is FREAD (read-only), then require all
                or EPERM
> else
>       if (the session is the same as the current session)
>               then ok
>       else
>               require all

                or EACCES

> So I'd say that the current behaviour is choice #2.
>
> But I think that's not what you actually want.

        If the return is EPERM, then pconsole has a bug that should just
        be fixed.  If it is EACCES, then the question is why is it going
        after a tty not in its session?  If pconsole's reason for existence
        is to violate the TIOCSTI, then either 3 or a Rights Profile is the
        way forward.

        BTW, has the question of policy on other systems that implement
        TIOCSTI been answered?

Gary..
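
An added illustration, not part of the original thread or of any Solaris source: a small C model of the three choices listed at the top, with choice 2 following the quoted pseudocode and the EPERM/EACCES annotations. The enum and struct names are hypothetical; treating a writable open as the stand-in for "device owner", the errno returned under choice 1, and keeping the read-only check under choice 3 are assumptions.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* The three choices from the thread; the names are hypothetical. */
enum policy { PRIV_ONLY = 1, SAME_SESSION = 2, ANY_SESSION = 3 };

struct caller {
    bool all_privs;       /* passes the "require all" privilege check */
    bool opened_readonly; /* tty opened with FREAD only */
    bool same_session;    /* tty session matches the caller's session */
};

/* Returns 0 when TIOCSTI would be permitted, otherwise an errno value. */
int tiocsti_check(enum policy p, const struct caller *c)
{
    if (c->all_privs) return 0;       /* privilege satisfies every choice */
    switch (p) {
    case PRIV_ONLY:
        return EPERM;                 /* assumed errno for choice 1 */
    case SAME_SESSION:                /* the quoted pseudocode */
        if (c->opened_readonly)
            return EPERM;
        return c->same_session ? 0 : EACCES;
    case ANY_SESSION:                 /* assumed: session test dropped */
        return c->opened_readonly ? EPERM : 0;
    }
    return EINVAL;
}

int main(void)
{
    /* Constructed scenarios, all without privilege. */
    const struct { const char *name; struct caller c; } cases[] = {
        { "read-only open, same session",  { false, true,  true  } },
        { "writable open, same session",   { false, false, true  } },
        { "writable open, other session",  { false, false, false } },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        printf("%-32s", cases[i].name);
        for (int p = PRIV_ONLY; p <= ANY_SESSION; p++) {
            int e = tiocsti_check((enum policy)p, &cases[i].c);
            printf("  choice %d: %s", p, e == 0 ? "ok" :
                   e == EPERM ? "EPERM" : "EACCES");
        }
        putchar('\n');
    }
    return 0;
}
```

The last row is the only one where choices 2 and 3 disagree, which is the case the EACCES question above is about.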
        
