Bug 239070 (CVE-2007-2797) - CVE-2007-2797 Wrong settings for the tty (mesg: error: tty device is not owned by group `tty')
Summary: CVE-2007-2797 Wrong settings for the tty (mesg: error: tty device is not owne...
Alias: CVE-2007-2797
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
: 247429 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2007-05-04 18:23 UTC by Klaus Ethgen
Modified: 2019-09-29 12:20 UTC (History)
2 users (show)

Fixed In Version: RHSA-2007-0701
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2007-11-15 15:02:42 UTC

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2007:0701 0 normal SHIPPED_LIVE Low: xterm security update 2007-11-15 15:02:39 UTC

Description Klaus Ethgen 2007-05-04 18:23:21 UTC
Description of problem:
The new xterm with upgrade 5 of WS4 set the permissions of the tty in a wrong 
way. Everytime I open a new terminal I get the message:

mesg: error: tty device is not owned by group `tty'

In fact the tty is owned by my native group.

Version-Release number of selected component (if applicable):
The bug is in xterm-192-7.el4
The version xterm-192-4.EL4 is error free

Steps to Reproduce:
1. Install xterm-192-7.el4
2. Start a xterm
3. Optional "ls -l `tty`"
Actual results:
The message "mesg: error: tty device is not owned by group `tty'" and wrong 
rights of `tty`

Expected results:
a tty with the group rights tty

Additional info:
This bug was also on Debian/GNU Linux more than one year ago. The bug is still 
on state "pending" but should be closed as the problem is gone (also long time 
ago): http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349924

Comment 1 Miroslav Lichvar 2007-05-07 08:14:16 UTC
Unfortunately a change in build environment caused a wrong group to be used as
tty group.

Comment 2 RHEL Program Management 2007-05-07 08:26:31 UTC
This bugzilla has Keywords: Regression.  

Since no regressions are allowed between releases, 
it is also being proposed as a blocker for this release.  

Please resolve ASAP.

Comment 3 Thomas E. Dickey 2007-05-07 10:11:59 UTC
Does the RPM use "--with-tty-group"?
I thought that would address this area.

Comment 4 Miroslav Lichvar 2007-05-07 10:28:51 UTC
The option fixes the problem, but it was introduced in a later version than the
version packaged in RHEL4.

Comment 5 Miroslav Lichvar 2007-07-09 10:06:37 UTC
*** Bug 247429 has been marked as a duplicate of this bug. ***

Comment 11 errata-xmlrpc 2007-11-15 15:02:42 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.