Red Hat Bugzilla – Bug 65412
wall(1) over-trusts utmp contents
Last modified: 2014-03-16 22:27:35 EDT
wall can be tricked into sending its messages to any file or device.
1. Login on the tty1
# sed 's%tty1%port%g' </var/run/utmp > ut2
# mv ut2 /var/run/utmp
Clearly, other programs should ensure that nobody can mess with utmp, but I
think that wall should be fixed to refuse to send messages to anything but a tty.
isatty() added in 2.84-5; thanks!