Hello Thomas, On Tue, May 13, 2025 at 06:21:06PM +0200, Dr. Thomas Orgis wrote: > Are you sure the safe default wins? I also read configure.ac as such, > at a first glance … but running plain configure results in > > $ grep PTYMODE config.h > * define PTYMODE if you do not like the default of 0622, which allows > /* #undef PTYMODE */ > > on a Debian 12 machine with perhaps a specific setup because of > multiuser access — exactly the situation where the world-writable ptys > are of most concern. Configure messages: > > configure: checking for ptyranges... > configure: checking default tty permissions/group... > checking for write... /usr/bin/write > checking for xterm... no > - ptys are world accessable
we did not dive this deeply into the configure script logic, we simply assumed it always applies the default without further checks. It seems to work out on openSUSE Tumblweed in the build service context at least. As we stated in the report, explicitly passing the mode, and likely also the group is the recommended way to avoid any uncertainties in this area. Cheers Matthias
signature.asc
Description: PGP signature
