Bugtraq mailing list archives

Re: your mail


From: ole!rwing!pat () nwnexus wa com (Pat Myrto)
Date: Wed, 30 Mar 94 2:17:01 PST


"In the previous message, Norman Wilson said..."

I've never heard of a `comsec' daemon.  If you mean comsat, that program

Yeh, I was half asleep - I meant comsat.  Fooey.

has to read mailboxes and write to ttys; the latter could be left up to
write(1), and so comsat wouldn't need special permissions for that; the
former could be resolved either by making mailboxes accessible to group
`mail', as already happens on some systems, or (probably better) by
replacing the central comsat with a single process run in the background
by the guy who wants to be biffed, which runs as him and so can read his
mailbox and write his tty and wouldn't need to read utmp at all, let alone
trust it.

Your point is well taken, the rub is, to pull this off (privileged stuff
depending on utmp), will require changing the way a number of things
work.  This might not be feasible for a lot of sites, for political
reasons having to maintain as close a config as possible to the way it
was shipped, or in some places, not having time available.  I suspect
there will be other gotchas, too.  One wonders if a lot of the daemons
HAVE to run as root, or if it's because they are by default launched as root
during boot from the rc files, people who design them simply take
advantage of it.

The way the mail is done on the Sun is another annoyance - the world
writable mail spool, for example, because mail/rmail cannot be run
safely as group mail the way it's designed.  My point being that half
the daemons need to be re-written/re-designed...  Yeh, the sticky bit
is supposed to save it all, but still...

The best way to make a privileged program safe is to design it so it doesn't
need privileges.
That doesn't mean that is always easiest, and it certainly isn't the first
way people think of implementing things in any given case.

I guess my point is that redesigning half the daemons might not be
a practical way to go for the user.  The OS designer should have
done this.

-- 
pat@rwing  [If all fails, try:  rwing!pat () ole cdac com]  Pat Myrto - Seattle WA
"No one has the right to destroy another person's belief by demanding
empirical evidence."  --   Ann Landers, nationally syndicated advice columnist
and Director at Handgun Control Inc.
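The unprivileged design Norman Wilson sketches in the quoted text (a process the recipient runs himself, which reads that user's own mailbox, writes that user's own tty and never consults utmp), worked through as an added C example. This is not code from the thread or from any comsat/biff implementation; the mbox "From " envelope format, the 30-second poll interval and the name ubiff are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
static char last_sender[128];   /* sender on the newest "From " line seen */
/* Mailbox growth since *mark: 1 = bytes appended, 0 = unchanged, -1 = no
 * stat. A mailbox that shrank (mail deleted) just resets the mark. */
int mailbox_grew(const char *path, off_t *mark) {
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    if (st.st_size > *mark) { *mark = st.st_size; return 1; }
    if (st.st_size < *mark) *mark = st.st_size;
    return 0;
}
/* Count mbox envelope lines ("From " at line start) in freshly appended
 * text, recording the newest sender in last_sender. (mbox format assumed.) */
int new_senders(const char *tail) {
    int n = 0;
    for (const char *p = tail; p && *p; p = strchr(p, '\n'), p = p ? p + 1 : p) {
        if (strncmp(p, "From ", 5) != 0) continue;
        const char *s = p + 5, *e = s;
        while (*e && *e != ' ' && *e != '\n') e++;
        size_t len = (size_t)(e - s);
        if (len >= sizeof last_sender) len = sizeof last_sender - 1;
        memcpy(last_sender, s, len); last_sender[len] = '\0'; n++;
    }
    return n;
}
/* Poll loop, entirely with the user's own rights: read our own mailbox,
 * write our own /dev/tty. No root, no setgid mail, utmp never consulted. */
int main(int argc, char **argv) {
    const char *path = argc > 1 ? argv[1] : getenv("MAIL");
    char tail[4096]; off_t mark = 0; FILE *f, *tty;
    if (!path) { fputs("usage: ubiff /path/to/mailbox\n", stderr); return 1; }
    mailbox_grew(path, &mark);              /* skip mail already present */
    for (;;) {
        off_t old = mark;
        sleep(30);                          /* assumed poll interval */
        if (mailbox_grew(path, &mark) != 1 || !(f = fopen(path, "r"))) continue;
        fseek(f, (long)old, SEEK_SET);      /* read only the appended part */
        tail[fread(tail, 1, sizeof tail - 1, f)] = '\0';
        fclose(f);
        if (new_senders(tail) > 0 && (tty = fopen("/dev/tty", "w"))) {
            fprintf(tty, "\a\nNew mail from %s\n", last_sender);
            fclose(tty);
        }
    }
}
```

Because the program is started by the user (e.g. from a login script) and holds only that user's rights, a forged utmp entry or a world-writable spool cannot make it write to anyone else's terminal.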
