> > By the same token, many people don't run /bin/login suid root. So in this
> > instance, you're just swapping one privileged program for another? Is
> > login better to have running as root than telnetd? I can think of more
> > published holes in login.
>
> Login inherently has to be run as root.

true

> It doesn't inherently have to
> be suid though.

true

> If you don't want normal users running login from the
> command line you can put an ACL on the file (if you have support for
> that in your kernel)

OK fair enough. but the unprivileged user that telnetd was running as is not unprivileged any more.

> or you can have the program check the uid of
> the invoking process itself (basically an ACL built into the program).

ugh :-)

> > Also what about changing ownership/permissions of your pty (on BSD based
> > pty systems) on login/logout, and writing wtmp records on logout?
>
> Ah. This is the reason. This is something I wanted to see fixed a
> long time ago. There are several ways of handling this. The one
> I like is having a program that will write the utmp and chown the
> pty all in one step for you.

well, i wonder about this. does this program too have an ACL on it so only certain users can access it? if so our unprivileged telnetd user gets more privileged :-)

> This program would run at a "utmp"
> privilege level.

how can something running with utmp privilege chown pty's? (assume BSD chown(2) for instance)..

--
------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD               | Karl Strickland
PGP 2.3a Public Key Available.            | Internet: karl@bagpuss.demon.co.uk
                                          |