Bugtraq mailing list archives
Re: /etc/utmp
From: mengel () dcdmwm fnal gov (Marc W. Mengel)
Date: Mon, 28 Mar 94 17:05:57 -0600
In <9403281947.AA24016@coronado> you write:

> >>>>> "ches" == ches <ches () research att com> writes:
>
> ches> In <9403252218.AA14294 () rwing UUCP> you write:
> ches> > I don't know of a specific patch for this. But the only REAL fix
> ches> > is to make the /etc/utmp file so it is not world-writeable. That
> ches> > means, of course, fixing anything that must update it, other than
> ches> > login or init, to run SUID root without creating a worse hole.
> ches>
> ches> To quote our President: "NO NO NO NO NO NO NO ..." :-)
> ches>
> ches> Making things setuid root is almost always wrong. Make a new
> ches> group, say group "utmp", and make anything that needs to deal
> ches> with utmp
>
> what if a file has to be group "utmp" and.... for some stupid reason...
> another gid? The one thing that gets me about UNIX file perms is that a
> single file can't be in multiple groups.
>
> Scott
>
> ps: ARE there cases of this? where something needs to be in line utmp
> and another group?

I think the situation is pretty rare; but if it needs to do things with
two sets of permissions, have it run two children, one with permission
to do one thing, and a second with permission to do the other; talk to
'em with pipes or some such.

Next, you can go halfway: make the program setuid, have it initially add
2 or 3 group id's, and then setuid itself back to the user, before doing
*anything* else. That way there's little or no chance of the user being
able to break your code and make you do anything dangerous while you're
still root. After all, it's pretty hard to make

    #include <unistd.h>
    #include <grp.h>

    int
    main(int argc, char **argv)
    {
        static gid_t mygroups[] = {2, 5, 7};  /* supplementary groups to keep */

        setgroups(3, mygroups);   /* needs root, so it comes first */
        setuid(getuid());         /* then drop back to the real user */

        /* now actually do work */
        return 0;
    }

do anything while it's still root except maybe drop core.
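Marc's sketch gets the ordering right but never checks that any of the calls succeeded. The following is an added example, not code from the post or from any utmp implementation, that does the same setgroups-then-setuid drop with every step checked and a final test that root cannot be regained. It assumes a group named "utmp" exists on the host, as ches proposes; the helper names are mine.

```c
#define _DEFAULT_SOURCE        /* glibc: expose setgroups() in <grp.h> */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Install exactly the supplementary groups given, set the primary gid,
 * then give back the set-user-id privilege for good.  Returns 0, or -1
 * (errno set) at the first failing step so the caller can abort. */
int drop_to_real_user(const gid_t *groups, int ngroups, gid_t primary)
{
    uid_t real = getuid();
    /* Groups first: once root is gone, setgroups() is refused. */
    if (setgroups((size_t)ngroups, groups) != 0)
        return -1;
    if (setgid(primary) != 0)   /* as root this sets all three gids */
        return -1;
    if (setuid(real) != 0)      /* as root this sets all three uids */
        return -1;
    /* Paranoia: if root can still be regained, nothing was dropped. */
    if (real != 0 && setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* 1 when effective and real ids match: no borrowed privilege in effect. */
int running_as_real_user(void)
{
    return geteuid() == getuid() && getegid() == getgid();
}

int main(void)
{
    /* "utmp" is the group ches proposes; assumed to exist on this host. */
    struct group *g = getgrnam("utmp");
    if (g == NULL) {
        fprintf(stderr, "no utmp group on this host\n");
        return 1;
    }
    gid_t extra[] = { g->gr_gid };
    if (drop_to_real_user(extra, 1, getgid()) != 0) {
        perror("drop_to_real_user");  /* EPERM unless started setuid root */
        return 1;
    }
    printf("dropped: %s\n", running_as_real_user() ? "yes" : "no");
    return 0;
}
```

Run it as an ordinary user and setgroups() fails with EPERM, which is the point: the program refuses to continue rather than guessing which privileges it still holds.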