Re: /etc/utmp

Scott Chasin (chasin@crimelab.crimelab.com)
Mon, 28 Mar 94 22:35:21 CST

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Pat Myrto: "Re: /etc/utmp"
Previous message: David A. Curry: "Re: Making rdist non-suid but still functional"

Norman Wilson (norman@utirc.utoronto.ca) writes:

> Bill Cheswick suggests that programs be made set-groupid `utmp' to write
> on /etc/utmp; Mitch Wright observes that if writing on utmp allows you to
> become super-user, group utmp just becomes another name for userid 0.
> ....

[stuff deleted]

> On a different note, has this discussion perhaps gotten out of hand? I haven't
> been a bugtraq subscriber for very long, but I'd hoped to get more useful
> information and less mere chatter (as this message) than has been going
> on for the past day or so.  Is this what bugtraq is meant to be like,
> or is it time for the discussion to shift to some appropriate newsgroup?
> 
> Norman Wilson
> University of Toronto

I agree.  Although the discussion has been interesting, Lets try to stick
with the purpose of this list.  The discussion detailing the utmp attack
and proposed fixes has been beaten to death.  

With the bugtraq membership growing above 950 recipients, some of which are
local exploders and vendor inside lists, we need to maintain the purpose
of this list (sdy). 

Let's try to keep the redundant material offline and not make this another
c.s.u spin-off.

--S

Please refrain from responding to this message.

--
Scott Chasin <chasin@crimelab.com>

Next message: Pat Myrto: "Re: /etc/utmp"
Previous message: David A. Curry: "Re: Making rdist non-suid but still functional"