Bugtraq mailing list archives

Re: /etc/utmp

From: ole!rwing!pat () nwnexus wa com (Pat Myrto)
Date: Tue, 29 Mar 94 7:02:33 PST


"In the previous message, Norman Wilson said..."


Bill Cheswick suggests that programs be made set-groupid `utmp' to write
on /etc/utmp; Mitch Wright observes that if writing on utmp allows you to
become super-user, group utmp just becomes another name for userid 0.
This is true if there is really some program that trusts the contents
of utmp and must itself run as the super-user.  Are there any such
programs?  I can't think of any.


Consider the comsec daemon for one example.

-- 
pat@rwing  [If all fails, try:  rwing!pat () ole cdac com]  Pat Myrto - Seattle WA
"No one has the right to destroy another person's belief by demanding
empirical evidence."  --   Ann Landers, nationally syndicated advice columnist
and Director at Handgun Control Inc.

Current thread:

Re: /etc/utmp Marc W. Mengel (Mar 28)
- <Possible follow-ups>
- Re: /etc/utmp Bob Manson (Mar 28)
- Re: /etc/utmp Pat Myrto (Mar 28)
  - Re: /etc/utmp Casper Dik (Mar 28)
- Re: /etc/utmp Scott Chasin (Mar 28)
- Re: /etc/utmp Pat Myrto (Mar 29)
- Re: /etc/utmp Pat Myrto (Mar 29)