Bugtraq mailing list archives
Re: Request for discussion.
From: karl () bagpuss demon co uk (Karl Strickland)
Date: Tue, 7 Feb 1995 03:40:06 +0000 (GMT)
By the same token, many people dont run /bin/login suid root. So in this instance, you're just swapping one privileged program for another? Is login better to have running as root than telnetd?Yes, (I would argue) it's better to have login setuid than telnet (and rlogind, and whatever else) -- much better to have all the trusted authentication code in one place, and what more logical place than in login?
telnetd and rlogind are a little harder for users to break than /bin/login. consider /bin/login - users can mess with its arguments, its environment etc. (yea yea i know BlixIX 4.5.645.6 clears its environment but its not the point). with telnetd/rlogind, you dont have control over invoking it so your options are more limited.
Also what about changing ownership/permissions of your pty (on BSD based pty systems) on login/logout, and writing wtmp records on logout?The pty permission-setting mechanism on BSD based systems is absolutely *disgusting* (IMHO) from a security perspective.
very true
Do you really trust your wtmp file?
ABSOLUTELY!!! Are you suggesting I should make it 666 or chown it to nobody so that an unpriviledged telnetd can write to it? init(8) likes to write to wtmp too, lets make that run as nobody :-) Then I could really trust it! Oh and dont forget the pagedaemon :-) ps could run without privileges as well if we made /dev/kmem and /dev/drum (or whatever) 644... Now theres an improvement. (Any ultrix people reading this? :-) -- ------------------------------------------+----------------------------------- Mailed using ELM on FreeBSD | Karl Strickland PGP 2.3a Public Key Available. | Internet: karl () bagpuss demon co uk |
Current thread:
- Re: Request for discussion. robert owen thomas (Feb 06)
- Re: Request for discussion. Timothy Newsham (Feb 06)
- <Possible follow-ups>
- Re: Request for discussion. Timothy Newsham (Feb 06)
- Re: Request for discussion. Karl Strickland (Feb 06)
- Re: Request for discussion. Timothy Newsham (Feb 06)
- Re: Request for discussion. Karl Strickland (Feb 06)
- Re: Request for discussion. Casper Dik (Feb 07)
- Re: Request for discussion. Timothy Newsham (Feb 07)
- Possible backdoor in ftpd? James Seng (Feb 07)
- Re: Request for discussion. Karl Strickland (Feb 06)
- Re: Request for discussion. Stephen D. Williams (Feb 07)
- Re: Request for discussion. Aleph One (Feb 07)
- Re: Request for discussion. Julian Assange (Feb 08)
- Re: Request for discussion. Casper Dik (Feb 08)
- Re: Request for discussion. Karl Strickland (Feb 08)
- Re: Request for discussion. Casper Dik (Feb 08)
- Sniffer FAQ Christopher Klaus (May 27)
- Security FAQes Update Christopher Klaus (May 27)
- Re: Request for discussion. Silicon Avatar (Feb 09)