+++ This bug was initially created as a clone of Bug #168436 +++

Description of problem:

If you manage to exec login with a userid other than root, and its input /
output directed to a terminal for which it does not have read/write access,
it will attempt to proceed and can potentially hang forever (see bug 168434).

This was a root cause of mgetty bug 167830, in which mgetty ran login for
a terminal that the userid did not have read/write access for (this problem
will be fixed in a future mgetty release) - but mgetty was doing:
    p = fork();
    if (p==0) 
    {
       redirect stdin / stdout to terminal
       setuid() and setgid() to userid configured in login.config
       exec /bin/login 
    }

If this happens, login could hang forever - it never checks if it has 
read / write access to its terminal before it does tcsetattr(0...) .

I propose making login do so , in check_ttyname(), where it already does 
an lstat:

login.c, @ line 280:
static void
check_ttyname(char *ttyn) {
	struct stat statbuf;

	if (lstat(ttyn, &statbuf)
	    || !S_ISCHR(statbuf.st_mode)
	    || (statbuf.st_nlink > 1 && strncmp(ttyn, "/dev/", 5))
+           || (access(ttyn,R_OK | W_OK) != 0))                                
                                          
        {
		syslog(LOG_ERR, _("FATAL: bad tty"));
		sleep(1);
		exit(1);
	}
}

Version-Release number of selected component (if applicable):
ALL

How reproducible:
100%

Steps to Reproduce:
Exec login with stdin/stdout directed to a terminal for which it does not
have read+write access
  
Actual results:
login can hang forever or exit with unpredictable results

Expected results:
login should exit with an error

Additional info:
mgetty configuration to reproduce this available on request

-- Additional comment from kzak on 2005-10-03 10:36 EST --
Thanks. Add to RHEL proposed list.