Bugtraq mailing list archives
Re: your mail
From: ole!rwing!pat () nwnexus wa com (Pat Myrto)
Date: Wed, 30 Mar 94 2:17:01 PST
"In the previous message, Norman Wilson said..."
> I've never heard of a `comsec' daemon. If you mean comsat, that program
Yeh, I was half asleep - I meant comsat. Fooey.
> has to read mailboxes and write to ttys; the latter could be left up to write(1), and so comsat wouldn't need special permissions for that; the former could be resolved either by making mailboxes accessible to group `mail', as already happens on some systems, or (probably better) by replacing the central comsat with a single process run in the background by the guy who wants to be biffed, which runs as him and so can read his mailbox and write his tty and wouldn't need to read utmp at all, let alone trust it.
Your point is well taken, the rub is, to pull this off (privileged stuff depending on utmp), will require changing the way a number of things work. This might not be feasible for a lot of sites, for political reasons having to maintain as close a config as possible to the way it was shipped, or in some places, not having time available. I suspect there will be other gotchas, too. One wonders if a lot of the daemons HAVE to run as root, or if it's because they are by default launched as root during boot from the rc files, people who design them simply take advantage of it. The way the mail is done on the Sun is another annoyance - the world writable mail spool, for example, because mail/rmail cannot be run safely as group mail the way it's designed. My point being that half the daemons need to be re-written/re-designed... Yeh, the sticky bit is supposed to save it all, but still...
> The best way to make a privileged program safe is to design it so it doesn't need privileges. That doesn't mean that is always easiest, and it certainly isn't the first way people think of implementing things in any given case.
I guess my point is that redesigning half the daemons might not be a practical way to go for the user. The OS designer should have done this.

--
pat@rwing [If all fails, try: rwing!pat () ole cdac com]
Pat Myrto - Seattle WA
"No one has the right to destroy another person's belief by demanding empirical evidence." -- Ann Landers, nationally syndicated advice columnist and Director at Handgun Control Inc.
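
The per-user notifier proposed in the quoted text (a background process that runs as the user, reads only that user's mailbox, writes only that user's tty and never consults utmp), as an added example that is not part of the original thread. It assumes an mbox-style mailbox in which each message begins with a `From ` line; `biff_poll`, the 30-second interval and the output format are hypothetical choices.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Added example (hypothetical names). One poll, run as the mailbox owner.
 * *seen is the mailbox size at the previous poll. Returns the number of new
 * "From " lines (announced on `out` unless NULL), or -1 if unreadable. */
int biff_poll(const char *mbox, long *seen, FILE *out)
{
    char line[256];
    int fresh = 0, at_bol = 1;
    long end;
    FILE *fp = fopen(mbox, "r");

    if (fp == NULL)
        return -1;
    if (fseek(fp, 0L, SEEK_END) != 0 || (end = ftell(fp)) < 0) { fclose(fp); return -1; }
    if (end < *seen)                  /* mail reader truncated the box: resync */
        *seen = end;
    fseek(fp, *seen, SEEK_SET);
    while (fgets(line, sizeof line, fp) != NULL) {
        size_t i, n = strcspn(line, "\n");
        if (at_bol && strncmp(line, "From ", 5) == 0) {
            /* Sender-controlled text: replace control characters so a
             * message cannot send escape sequences to the terminal. */
            for (i = 0; i < n; i++)
                if (!isprint((unsigned char)line[i]))
                    line[i] = '?';
            if (out != NULL)
                fprintf(out, "\r\nNew mail: %.*s\r\n", n > 70 ? 70 : (int)n, line);
            fresh++;
        }
        at_bol = (line[n] == '\n');   /* long lines arrive in several chunks */
    }
    *seen = ftell(fp);
    fclose(fp);
    if (out != NULL) fflush(out);
    return fresh;
}

int main(int argc, char **argv)
{
    const char *mbox = argc > 1 ? argv[1] : getenv("MAIL");
    FILE *tty = fopen("/dev/tty", "w");   /* our own terminal; utmp is never read */
    long seen = 0;
    if (mbox == NULL || tty == NULL || biff_poll(mbox, &seen, NULL) < 0)
        return 1;                          /* first poll is silent: baseline only */
    for (;;) { sleep(30); biff_poll(mbox, &seen, tty); }
}
```

Because it needs only the invoking user's own file and terminal permissions, it works with a mailbox that is mode 600 and owned by the user, and a bug in it exposes nothing beyond what that user could already read.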