Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Chris Evans (chrisscary.beasts.org)
Date: Sat Feb 17 2001 - 18:56:39 CST
On Sun, 18 Feb 2001, Solar Designer wrote:
> I am considering packaging utempter for a distribution and I remember
> some discussions on its (in)security which I now am unable to find.
> (Of course, we're going to audit it, but would also like to make sure
> we don't miss anything that is already known. No audit is perfect.)
> Chris, -- I _think_ you had something on this, but the security-audit
> archives don't show anything.
Hmm - I don't recall any explicit problems. Long long ago, I pointed out
(to RedHat) that it only needed to be sgid utmp and not suid root. I think
Alan audited it?
> Our idea is to restrict utempter to group utempter (with a check in
> the code or directory permissions), such that screen and friends are
> SGID utempter, and utempter itself is SGID utmp.
This is exactly what's in RedHat 6.0 and newer. It's wonderful; it has
made at least 1 "screen" hole and two Xlib holes irrelevant.
Last time I looked, Debain had sgid-utmp xterm et al. I'm also curious why
utempeter isn't in use.