Full Disclosure mailing list archives
Re: Partial Solution to SUID Problems
From: Valdis.Kletnieks () vt edu
Date: Sat, 06 Dec 2003 20:59:22 -0500
On Sun, 07 Dec 2003 01:59:50 +0100, Michal Zalewski said:
The way I handle this is creating several :0:0: accounts with separate passwords. After login, they will all see themselves as the first user with :0:0 in /etc/passwd, but utmp/wtmp/lastlog entries and syslog messages would refer to the original login account.
That mostly works too, except many shops like to say "exactly 1 UID 0 account" in /etc/passwd - it's a lot easier to flag "there must be exactly one" than "there should be exactly as many as however many people have root access this week". Makes lots of fun at 3AM when the system-check cronjob runs and says there's 6 users where there should be 5 :)
Attachment:
_bin
Description:
Current thread:
- Re: Partial Solution to SUID Problems, (continued)
- Re: Partial Solution to SUID Problems Ciro (Dec 05)
- Re: Partial Solution to SUID Problems Vladimir Parkhaev (Dec 05)
- Re: Partial Solution to SUID Problems Todd Burroughs (Dec 06)
- Re: Partial Solution to SUID Problems Henning Brauer (Dec 06)
- Re: Partial Solution to SUID Problems Todd Burroughs (Dec 06)
- Re: Partial Solution to SUID Problems Michal Zalewski (Dec 06)
- Re: Partial Solution to SUID Problems Valdis . Kletnieks (Dec 06)
- Re: Partial Solution to SUID Problems Todd Burroughs (Dec 07)
- Re: Partial Solution to SUID Problems Karl DeBisschop (Dec 07)
- Re: Partial Solution to SUID Problems Michal Zalewski (Dec 07)
- Re: Partial Solution to SUID Problems Valdis . Kletnieks (Dec 06)
- Re: Partial Solution to SUID Problems Ciro (Dec 05)
- Re: Partial Solution to SUID Problems Markus Friedl (Dec 07)
- Re: Partial Solution to SUID Problems Brian Hatch (Dec 07)
- Re: Partial Solution to SUID Problems Henning Brauer (Dec 08)
- Re: Partial Solution to SUID Problems Todd Burroughs (Dec 06)
- Re: Partial Solution to SUID Problems Michal Zalewski (Dec 06)