write(1) selects a wrong tty, because there is not a proper
check of tty group ownership:

    $ write kzak
    write: kzak is logged in more than once; writing to tty7
    write: /dev/tty7: Permission denied

    $ ls -la /dev/tty7
    crw--w---- 1 root root 4, 7 2008-07-04 00:32 /dev/tty7
                      ^^^^

    $ ls -la /usr/bin/write
    -rwxr-sr-x 1 root tty 11864 2008-04-02 16:24 /usr/bin/write
          ^           ^^^

We have to check for the tty group owner, because we don't have
permissions to write to an arbitrary tty.

Fixed version:

    $ write kzak
    write: kzak is logged in more than once; writing to pts/6
                                                        ^^^^
    Message from test@nb on pts/7 at 15:22 ...
    ^C

    $ ls -la /dev/pts/6
    crw--w---- 1 kzak tty 136, 6 2008-07-07 15:35 /dev/pts/6
                      ^^^

Addresses-Red-Hat-Bugzilla: #454252
Signed-off-by: Karel Zak <kzak@redhat.com>

int term_chk(char *, int *, time_t *, int);
int utmp_chk(char *, char *);
+static gid_t myegid;
+
int
main(int argc, char **argv) {
time_t atime;
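Review bot: the new file-scope "static gid_t myegid;" has no comment saying what it holds or who reads it, and it turns term_chk into a function that depends on hidden global state. Either add a one-line comment (the effective gid cached at startup, compared against the tty's group in term_chk) or pass the gid to term_chk as a parameter so the dependency is visible at the call site.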
bindtextdomain(PACKAGE, LOCALEDIR);
textdomain(PACKAGE);
+ myegid = getegid();
+
/* check that sender has write enabled */
if (isatty(fileno(stdin)))
myttyfd = fileno(stdin);
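Review bot: "myegid = getegid();" is sampled once at the top of main, so every later tty check silently assumes the effective gid never changes after this point. If any later code path changes the process's group IDs, the cached value goes stale; a short comment stating that the value is expected to be the setgid group of the installed binary (tty in the commit message's ls output) would record that assumption.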
"write: %s: %s\n", path, strerror(errno));
return(1);
}
- *msgsokP = (s.st_mode & (S_IWRITE >> 3)) != 0; /* group write bit */
+
+ /* group write bit and group ownership */
+ *msgsokP = (s.st_mode & (S_IWRITE >> 3)) && myegid == s.st_gid;
*atimeP = s.st_atime;
return(0);
}
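Review bot: the new test "myegid == s.st_gid" is stricter than the kernel's own permission check, since it only accepts a tty whose group equals the caller's effective gid and ignores supplementary groups and the case where the caller owns the device or is root. A device such as the root:root /dev/tty7 from the commit message will now report msgsok as false even to a caller who could open it. If that is intended, say so in the "group write bit and group ownership" comment, and note there that the result reflects only the stat() snapshot, so the later open of the tty still needs its own error handling.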