]> err.no Git - util-linux/commitdiff
write: doesn't check for tty group
authorKarel Zak <kzak@redhat.com>
Mon, 7 Jul 2008 13:22:22 +0000 (15:22 +0200)
committerKarel Zak <kzak@redhat.com>
Mon, 7 Jul 2008 20:25:53 +0000 (22:25 +0200)
write(1) selects a wrong tty, because there is not a proper
check of tty group ownership:

$ write kzak
write: kzak is logged in more than once; writing to tty7
write: /dev/tty7: Permission denied

$ ls -la /dev/tty7
crw--w---- 1 root root 4, 7 2008-07-04 00:32 /dev/tty7
                  ^^^^

$ ls -la /usr/bin/write
-rwxr-sr-x 1 root tty 11864 2008-04-02 16:24 /usr/bin/write
      ^           ^^^

We have to check for tty group owner, because we don't have
permissions to write to arbitrary tty.

Fixed version:

$ write kzak
write: kzak is logged in more than once; writing to pts/6
                                                    ^^^^
Message from test@nb on pts/7 at 15:22 ...

^C

$ ls -la /dev/pts/6
crw--w---- 1 kzak tty 136, 6 2008-07-07 15:35 /dev/pts/6
                  ^^^

Addresses-Red-Hat-Bugzilla: #454252
Signed-off-by: Karel Zak <kzak@redhat.com>
misc-utils/write.c

index 46b8f0acf2d728e0aecc286f68444bb56352430d..276fe96d4c86f9245aad7aafb245c8cd91b48bec 100644 (file)
@@ -72,6 +72,8 @@ static void done(int);
 int term_chk(char *, int *, time_t *, int);
 int utmp_chk(char *, char *);
 
+static gid_t myegid;
+
 int
 main(int argc, char **argv) {
        time_t atime;
@@ -83,6 +85,8 @@ main(int argc, char **argv) {
        bindtextdomain(PACKAGE, LOCALEDIR);
        textdomain(PACKAGE);
 
+       myegid = getegid();
+
        /* check that sender has write enabled */
        if (isatty(fileno(stdin)))
                myttyfd = fileno(stdin);
@@ -267,7 +271,9 @@ int term_chk(char *tty, int *msgsokP, time_t *atimeP, int showerror)
                            "write: %s: %s\n", path, strerror(errno));
                return(1);
        }
-       *msgsokP = (s.st_mode & (S_IWRITE >> 3)) != 0;  /* group write bit */
+
+       /* group write bit and group ownership */
+       *msgsokP = (s.st_mode & (S_IWRITE >> 3)) && myegid == s.st_gid;
        *atimeP = s.st_atime;
        return(0);
 }