meson: allow to customize the access mode for tty/pts devices

Then, switch the default value to "0600", due to general security concerns about terminals being written to by other users. Closing #35599.
author: Yu Watanabe <watanabe.yu+github@gmail.com> 2024-12-16 03:50:53 +0100
committer: Luca Boccassi <luca.boccassi@gmail.com> 2024-12-16 22:36:07 +0100
commit: a4d18914751e687c9e44f22fe4e5f95b843a45c8 (patch)
tree: 637fbd73f34dcde8cd0a08dccca72405f0d0939f /NEWS
parent: networkd: show wireguard private key read error number (diff)
download: systemd-a4d18914751e687c9e44f22fe4e5f95b843a45c8.tar.xz
systemd-a4d18914751e687c9e44f22fe4e5f95b843a45c8.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index e6baa12c40..7563d63d9c 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,11 @@ CHANGES WITH 258 in spe:
 
         Incompatible changes:
 
+        * The default access mode of tty/pts device nodes has been changed to
+          0600, which was 0620 in the older releases, due to general security
+          concerns about terminals being written to by other users. To restore
+          the old default access mode, use '-Dtty-mode=0620' meson build option.
+
         * systemd-run's --expand-environment= switch, which was disabled
           by default when combined with --scope, has been changed to to be
           enabled by default. This brings cmdline expansion of transient
author	Yu Watanabe <watanabe.yu+github@gmail.com>	2024-12-16 03:50:53 +0100
committer	Luca Boccassi <luca.boccassi@gmail.com>	2024-12-16 22:36:07 +0100
commit	a4d18914751e687c9e44f22fe4e5f95b843a45c8 (patch)
tree	637fbd73f34dcde8cd0a08dccca72405f0d0939f /NEWS
parent	networkd: show wireguard private key read error number (diff)
download	systemd-a4d18914751e687c9e44f22fe4e5f95b843a45c8.tar.xz systemd-a4d18914751e687c9e44f22fe4e5f95b843a45c8.zip