Re: Request for discussion.

[karl () bagpuss demon co uk (Karl Strickland)]

> > By the same token, many people dont run /bin/login suid root.  So in this
> > instance, you're just swapping one privileged program for another?  Is
> > login better to have running as root than telnetd?
>
> Yes, (I would argue) it's better to have login setuid than telnet
> (and rlogind, and whatever else) -- much better to have all the
> trusted authentication code in one place, and what more logical
> place than in login?

telnetd and rlogind are a little harder for users to break than /bin/login.
consider /bin/login - users can mess with its arguments, its environment etc.
(yea yea i know BlixIX 4.5.645.6 clears its environment but its not the point).
with telnetd/rlogind, you dont have control over invoking it so your options
are more limited.

> > Also what about changing ownership/permissions of your pty (on BSD based
> > pty systems) on login/logout, and writing wtmp records on logout?
>
> The pty permission-setting mechanism on BSD based systems is
> absolutely *disgusting* (IMHO) from a security perspective.

very true

> Do you really trust your wtmp file?

ABSOLUTELY!!!

Are you suggesting I should make it 666 or chown it to nobody so that
an unpriviledged telnetd can write to it?  init(8) likes to write to
wtmp too, lets make that run as nobody :-)

Then I could really trust it!

Oh and dont forget the pagedaemon :-)  ps could run without privileges as well
if we made /dev/kmem and /dev/drum (or whatever) 644...  Now theres an
improvement.  (Any ultrix people reading this? :-)
-- 
------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD               |                    Karl Strickland
PGP 2.3a Public Key Available.            | Internet: karl () bagpuss demon co uk
                                          |