Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240328083841.bua26s3neakdegmg@jwilk.net>
Date: Thu, 28 Mar 2024 09:38:41 +0100
From: Jakub Wilk <jwilk@...lk.net>
To: <oss-security@...ts.openwall.com>
Subject: Re: Re: CVE-2024-28085: Escape sequence injection in
 util-linux wall

* nightmare.yeah27@...ecat.org, 2024-03-27 13:57:
>/etc/default/devpts

This file is used by sysvinit when mounting /dev/pts.

systemd doesn't use it. It mounts /dev/pts with mode=620 by default.

>/etc/login.defs

As far as I can see, TTYPERM from login.defs is used only by login(1) 
and sometimes¹ by su(1). If you log in through SSH, or run xterm(1) or 
screen(1) or... it won't have any effect.

It's all awful and undocumented.


¹ https://github.com/util-linux/util-linux/commit/17d5b264367debb7
   ("su: (pty) change owner and mode for pty")

-- 
Jakub Wilk

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.