COMMAND

    mesg

SYSTEMS AFFECTED

    Digital UNIX 3.2D-1, 3.2G, 4.0 and IRIX

PROBLEM

    This is  rather stupid  and not  much of  a bug,  but it shouldn't
    happen.   Basically,   the  permissions  on   your  tty  are   set
    correctly, with messages on, during login.  If you turn them  off,
    and then turn them back on, your tty becomes world writable.

    Actually, you don't  have to turn  them off, mesg  y automatically
    sets permissions that  way.  There  is  "nothing"  to exploit, but
    people  could  easily  fake  a  write  from  another user, or send
    annoying things anonymously (cat /vmunix > /dev/ttyXX).

        % tty
        /dev/ttyp4
        % ls -l /dev/ttyp4
        crw--w----   2 tom      terminal   6,  4 Apr 29 14:50 /dev/ttyp4
        % mesg n
        % ls -l /dev/ttyp4
        crw-------   2 tom      terminal   6,  4 Apr 29 14:50 /dev/ttyp4
        % mesg y
        % ls -l /dev/ttyp4
        crw--w--w-   2 tom      terminal   6,  4 Apr 29 14:50 /dev/ttyp4

    Credit goes to Tom Leffingwell.
SOLUTION

    Vendors are contacted so  it's up to them.   You can a) keep  your
    tty in mesg n or b) change permission bits by yourself every  time
    you login.  Note that you don't know what tty you are going to get
    so you will have do it manually.