Re: Request for discussion.

[karl () bagpuss demon co uk (Karl Strickland)]

> > By the same token, many people dont run /bin/login suid root.  So in this
> > instance, you're just swapping one privileged program for another?  Is
> > login better to have running as root than telnetd?  I can think of more
> > published holes in login.
>
> Login inherently has to be run as root.

true

> It doesn't inherently have to
> be suid though.

true

> If you dont want normal users running login from the
> command line you can put an ACL on the file (if you have support for
> that in your kernel)

OK fair enough.  but the unpriviledged user that telnetd was running
as is not unprivileged any more.

> or you can have the program check the uid of
> the invoking process itself (basically an ACL built into the program).

ugh:-)

> > Also what about changing ownership/permissions of your pty (on BSD based
> > pty systems) on login/logout, and writing wtmp records on logout?
>
> Ah.  This is the reason.  This is something I wanted to see fixed a
> long time ago.  There are several ways of handling this.  The one
> I like is having a program that will write the utmp and chown the
> pty all in one step for you.

well, i wonder about this.  does this program too have an ACL on it so
only certain users can access it?  if so our unprivileged telnetd user
gets more privileged :-)

> This program would run at a "utmp"
> priveledge level.

how can something running with utmp privilege chown pty's?  (assume
BSD chown(2) for instance)..

-- 
------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD               |                    Karl Strickland
PGP 2.3a Public Key Available.            | Internet: karl () bagpuss demon co uk
                                          |