Re: /etc/utmp

ches@research.att.com
Mon, 28 Mar 94 13:07 EST

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: ches@research.att.com: "Re: /etc/utmp"
Previous message: Icarus Sparry: "Re: /etc/utmp"
In reply to: Pat Myrto: "Re: /etc/utmp"
Next in thread: ches@research.att.com: "Re: /etc/utmp"

In <9403252218.AA14294@rwing.UUCP>  you write:
  I don't know of a specific patch, for this.  But the only REAL fix is
  to make the /etc/utmp file so it is not world-writeable.  That means,
  of course, fixing anything that must update it, other than login or init
  to run SUID root without creating a worse hole.  

To quote our President: "NO NO NO NO NO NO NO ..." :-)

Making things setuid root is almost always wrong.   Make a new group,
say group "utmp", and make anything that needs to deal with utmp

Next message: ches@research.att.com: "Re: /etc/utmp"
Previous message: Icarus Sparry: "Re: /etc/utmp"
In reply to: Pat Myrto: "Re: /etc/utmp"
Next in thread: ches@research.att.com: "Re: /etc/utmp"