On Fri, Sep 07, 2012 at 09:45:09AM -0400, Christos Zoulas wrote:
> On Sep 7, 9:20pm, tsut...@ceres.dti.ne.jp (Izumi Tsutsui) wrote:
> -- Subject: Re: CVS commit: src/etc
>
> | > Easier maybe, but we do not really want those device nodes on typical /dev
> | > filesystems (at least that was my understanding).
> |
> | - What are the actual benefits of removing those device nodes on /dev?
> |   Is it more important than possible fallouts in install materials?
>
> When ptyfs is mounted the pty nodes in ptyfs are used and not the entries
> in /dev. The entries in /dev have the same major and minor numbers and they
> are not chowned chmod'ed appropriately (they are world readable and writable).
> So anyone can spy on you (fortunately TIOCSTI is limited to the superuser
> so random people cannot write to your terminal). This is a security issue.
> The old pty allocation code required superuser access to chown/chmod the
> tty device nodes.

I thought (without checking) that they would be owned by root, group tty
with at most user read and user/group write until they are actually used.
Once used they get a chown (etc) and might not get reset again.

	David

-- 
David Laight: da...@l8s.co.uk
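
Added example, not part of the original thread: a shell audit that classifies legacy pty nodes against the two states discussed above (world readable/writable versus root:tty with at most mode 0620). The function names, the verdict labels and the sample listing are constructed for illustration; the `stat -f` invocation in the comment assumes BSD stat(1).

```shell
#!/bin/sh
# Input on stdin, one node per line: "<octal-mode> <owner> <group> <path>".
# Assumption: on a BSD system a listing in this shape can be produced with
#   stat -f '%Lp %Su %Sg %N' /dev/[pt]ty[p-z]*
# (the glob for legacy pty names is also an assumption; adjust to the system).

audit_pty_nodes() {
    while read -r mode owner group path; do
        # Skip blank or malformed lines.
        case "$mode" in ''|*[!0-7]*) continue ;; esac
        [ -n "$path" ] || continue
        m=$((0$mode & 0777))
        if [ $((m & 0007)) -ne 0 ]; then
            verdict=WORLD   # "other" bits set: any local user can open the node
        elif [ $((m & 0157)) -ne 0 ]; then
            verdict=WIDE    # bits beyond 0620 (user read, user/group write)
        elif [ "$owner" != root ] || [ "$group" != tty ]; then
            verdict=OWNER   # in use, or ownership never reset after use
        else
            verdict=OK      # root:tty, mode within 0620
        fi
        printf '%s %s %s:%s %s\n' "$verdict" "$mode" "$owner" "$group" "$path"
    done
}

# Constructed sample listing (not taken from a real system).
sample_listing() {
    cat <<'EOF'
666 root wheel /dev/ttyp0
666 root wheel /dev/ptyp0
620 root tty /dev/ttyp1
620 alice tty /dev/ttyp2
640 root tty /dev/ttyp3
EOF
}

sample_listing | audit_pty_nodes
```

Lines reported as `WORLD` correspond to the exposure described in the quoted message; `OWNER` lines need a check against active sessions before they are treated as stale.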