Bugtraq mailing list archives
Re: who
From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Wed, 29 Jul 1998 21:30:48 +0100
an admin may want to use sgid/suid to prevent users from directly reading utmp/wtmp. i think it's good idea, not allowing every one to read files they don't need to read. But that group shouldn't be a general group for all kinds of these special permission handlings, cause via for example 'who' you can gain access to this group. i don't know if any distribution defaults to setting any group permissions but many sysadmins i know do so.
If you setuid arbitary programs without reviewing them you get hurt. Thats to say arbitary programs should not be properly behaved and not do stupid things based on third party actions. They can't however protect people from a sysadmin who put 's' bits where he likes without checking the code. Alan
Current thread:
- Re: who Paul Boehm (Jul 29)
- Re: who Alan Cox (Jul 29)