On Sun, 18 Feb 2001, Solar Designer wrote:

> Hi,
>
> I am considering packaging utempter for a distribution and I remember
> some discussions on its (in)security which I now am unable to find.
> (Of course, we're going to audit it, but would also like to make sure
> we don't miss anything that is already known. No audit is perfect.)
>
> Chris, -- I _think_ you had something on this, but the security-audit
> archives don't show anything.

Hmm - I don't recall any explicit problems. Long long ago, I pointed out
(to RedHat) that it only needed to be sgid utmp and not suid root. I think
Alan audited it?

> Our idea is to restrict utempter to group utempter (with a check in
> the code or directory permissions), such that screen and friends are
> SGID utempter, and utempter itself is SGID utmp.

This is exactly what's in RedHat 6.0 and newer. It's wonderful; it has
made at least 1 "screen" hole and two Xlib holes irrelevant.

Last time I looked, Debain had sgid-utmp xterm et al. I'm also curious why
utempeter isn't in use.

Cheers
Chris

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]