Re: Request for discussion.

Karl Strickland (karl@bagpuss.demon.co.uk)
Tue, 7 Feb 1995 03:32:07 +0000 (GMT)

> 
> > By the same token, many people don't run /bin/login suid root.  So in this
> > instance, you're just swapping one privileged program for another?  Is
> > login better to have running as root than telnetd?  I can think of more
> > published holes in login.
> 
> Login inherently has to be run as root.

true

> It doesn't inherently have to
> be suid though.

true

> If you don't want normal users running login from the
> command line you can put an ACL on the file (if you have support for
> that in your kernel)

OK fair enough.  but the unprivileged user that telnetd was running
as is not unprivileged any more.

> or you can have the program check the uid of
> the invoking process itself (basically an ACL built into the program).

ugh :-)

> > Also what about changing ownership/permissions of your pty (on BSD based
> > pty systems) on login/logout, and writing wtmp records on logout?
> 
> Ah.  This is the reason.  This is something I wanted to see fixed a
> long time ago.  There are several ways of handling this.  The one
> I like is having a program that will write the utmp and chown the
> pty all in one step for you.

well, i wonder about this.  does this program too have an ACL on it so
only certain users can access it?  if so our unprivileged telnetd user
gets more privileged :-)

> This program would run at a "utmp"
> privilege level.

how can something running with utmp privilege chown pty's?  (assume
BSD chown(2) for instance)..

-- 
------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD               |                    Karl Strickland
PGP 2.3a Public Key Available.            | Internet: karl@bagpuss.demon.co.uk
                                          |