Bugtraq mailing list archives
Re: who
From: paul () BOEHM ORG (Paul Boehm)
Date: Wed, 29 Jul 1998 14:19:32 +0200
On Wed, Jul 29, 1998 at 01:03:11PM +0100, Alan Cox wrote:
which is allowed to read utmp. On redhat linux 5.1 you can easily crash who by many different ways (e.g. try who /bin/bash)Its not running with any kind of setuid or setgid permissions in any Linux I know of.
an admin may want to use sgid/suid to prevent users from directly reading utmp/wtmp. i think it's good idea, not allowing every one to read files they don't need to read. But that group shouldn't be a general group for all kinds of these special permission handlings, cause via for example 'who' you can gain access to this group. i don't know if any distribution defaults to setting any group permissions but many sysadmins i know do so. bye, pb -- [ Paul S. Boehm | paul () boehm priv at | http://paul.boehm.org/ | infected@irc ] Money is what gives a programmer his resources. It's an exchange system created by human beings. It surrounds us. Works for us, binds the economy together.
Current thread:
- Re: who Paul Boehm (Jul 29)
- Re: who Alan Cox (Jul 29)