From a5883d4eccb94b16c355987f58f86a7dee17a0c2 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Wed, 3 Sep 2014 18:55:07 +0000
Subject: upstream commit

tighten permissions on pty when the "tty" group does
 not exist; pointed out by Corinna Vinschen; ok markus
---
 sshpty.c | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

(limited to 'sshpty.c')

diff --git a/sshpty.c b/sshpty.c
index a2059b76d..d2ff8c16a 100644
--- a/sshpty.c
+++ b/sshpty.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshpty.c,v 1.28 2007/09/11 23:49:09 stevesk Exp $ */
+/* $OpenBSD: sshpty.c,v 1.29 2014/09/03 18:55:07 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -196,13 +196,8 @@ pty_setowner(struct passwd *pw, const char *tty)
 
 	/* Determine the group to make the owner of the tty. */
 	grp = getgrnam("tty");
-	if (grp) {
-		gid = grp->gr_gid;
-		mode = S_IRUSR | S_IWUSR | S_IWGRP;
-	} else {
-		gid = pw->pw_gid;
-		mode = S_IRUSR | S_IWUSR | S_IWGRP | S_IWOTH;
-	}
+	gid = (grp != NULL) ? grp->gr_gid : pw->pw_gid;
+	mode = (grp != NULL) ? 0622 : 0600;
 
 	/*
 	 * Change owner and mode of the tty as required.
-- 
cgit v1.2.3