NetBSD Problem Report #36060

From www@NetBSD.org  Fri Mar 23 13:40:19 2007
Return-Path: <www@NetBSD.org>
Received: by narn.NetBSD.org (Postfix, from userid 31301)
	id CF6D963B853; Fri, 23 Mar 2007 13:40:19 +0000 (UTC)
Message-Id: <20070323134019.CF6D963B853@narn.NetBSD.org>
Date: Fri, 23 Mar 2007 13:40:19 +0000 (UTC)
From: uwe@NetBSD.org
Reply-To: uwe@NetBSD.org
To: gnats-bugs@NetBSD.org
Subject: regression: users cannot dial out with cu/tip
X-Send-Pr-Version: www-1.0

>Number:         36060
>Category:       bin
>Synopsis:       regression: users cannot dial out with cu/tip
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Fri Mar 23 13:45:00 +0000 2007
>Originator:     Valeriy E. Ushakov
>Release:        NetBSD 4.99.9
>Organization:
>Environment:
NetBSD bigmac 4.99.9 NetBSD 4.99.9 (BIGMAC) #1: Sat Feb 24 01:31:14 MSK 2007  toor@bigmac:/export/netbsd/cvs/src/sys/arch/macppc/compile/BIGMAC macppc

>Description:
Removal of setuid bit from tip/cu introduced a regression.

Permissions setup used to be:

$ ls -l /usr/bin/cu /usr/bin/tip
-r-sr-xr--  1 uucp  dialer  132380 Aug 10  2003 /usr/bin/cu
-r-sr-xr--  1 uucp  dialer   53556 Aug 10  2003 /usr/bin/tip
$ ls -l /dev/dtya
crw-------  1 uucp  wheel  12, 524288 Dec 26  2002 /dev/dtya

so members of group "dialer" could use cu/tip, which would setuid to
the uucp uid and be allowed to open /dev/dty

Now cu/tip (which is the same program now) are not setuid, so
ordinary users cannot use cu/tip to dial out, only root can.

This is a regression - users of group "dialer" can no longer dial out.

>How-To-Repeat:
Try to use cu/tip to connect to a modem or remote serial console as
a plain user that is member of group "dialer".

>Fix:
With non-setuid cu/tip, dty* devices should be chgrp dialer and g+rw
for normal users (from the "dialer" group) to be able to dial out.

1)  This should be documented in cu/tip man pages and user guide

2a) We can create dty* devices chgrp dialer/chmod g+rw - to restore
    previous behaviour: members of dialer can dial out on any dty

2b) We can leave dty* belonging to wheel and let the admin decide
    which dty devices he wants to make available for dial out
    (by making them chgrp dialer/chmod g+rw)
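
An audit script for the group-based setup proposed under 2a/2b, added here as an example; it is not part of the original report or of NetBSD. The function names, the return codes, and the choice to flag world read/write access as a finding are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit dial-out devices for the group-based setup (2a/2b).
# Function names and return codes are this example's own choices.

# check_dialout DEVICE GROUP
#   0  GROUP has rw on DEVICE and "other" has no read/write access
#   1  members of GROUP cannot open DEVICE read/write
#   2  DEVICE is readable or writable by everyone, not only GROUP
#   3  DEVICE could not be examined
check_dialout() {
    dev=$1
    want_group=$2
    line=$(ls -ld "$dev" 2>/dev/null) || return 3
    # ls -l fields: mode, link count, owner, group, ...
    mode=${line%% *}
    group=$(printf '%s\n' "$line" | awk '{print $4}')
    grp_rw=$(printf '%s' "$mode" | cut -c5-6)   # group r/w columns
    oth_rw=$(printf '%s' "$mode" | cut -c8-9)   # other r/w columns
    case $oth_rw in
        *r*|*w*) return 2 ;;
    esac
    [ "$group" = "$want_group" ] || return 1
    [ "$grp_rw" = "rw" ] || return 1
    return 0
}

# audit_dialout GROUP DEVICE...  prints one verdict line per device.
audit_dialout() {
    grp=$1
    shift
    for d in "$@"; do
        rc=0
        check_dialout "$d" "$grp" || rc=$?
        case $rc in
            0) echo "$d: ok, group $grp can dial out" ;;
            1) echo "$d: not usable by group $grp (needs chgrp $grp, chmod g+rw)" ;;
            2) echo "$d: open to all users, tighten to group $grp only" ;;
            *) echo "$d: cannot stat" ;;
        esac
    done
}

# Run as: sh audit.sh dialer /dev/dty*
if [ "$#" -ge 2 ]; then
    audit_dialout "$@"
fi
```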
