Re: who

[alan () LXORGUK UKUU ORG UK (Alan Cox)]

> an admin may want to use sgid/suid to prevent users from directly reading
> utmp/wtmp. i think it's good idea, not allowing every one to read files
> they don't need to read.
>
> But that group shouldn't be a general group for
> all kinds of these special permission handlings,
> cause via for example 'who' you can gain access to this group.
>
> i don't know if any distribution defaults to setting any group permissions
> but many sysadmins i know do so.

If you setuid arbitary programs without reviewing them you get hurt.  Thats
to say arbitary programs should not be properly behaved and not do stupid
things based on third party actions. They can't however protect people
from a sysadmin who put 's' bits where he likes without checking the code.

Alan