Subject: Re: $HOSTALIASES thing.
From: itojun iijlab.net
Date: Sat Nov 04 2000 - 04:09:20 CST
- In reply to: Greg A. Woods: "Re: $HOSTALIASES thing."
>> i have the same question. how does the daemon authenticate the
>> guy who asked for wtmp/utmp writes?

>The first obvious check is (for a session start record) to ensure that
>the user owns the tty he's beginning his new session on. Some other
>sanity checks can be done to further enhance the reliability and
>integrity of this scheme too (such as checking that the user does not
>have write permission in /dev, etc.)

still, a bad guy can write an application just for overflowing /var.
with setuid'ed xterm, it is not really possible (bad guy may be able to
start as many xterm as I can). i don't have the complete solution
anyways but i think it is still better to use setuid'ed xterm (of course,
xterm should drop setuid as early as possible).

itojun
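
The tty-ownership check described in the quoted text above, sketched as an added example that is not part of the original message or of any project's code. The names `may_log_session_start` and `dev_dir_is_sane` are hypothetical, and treating "root-owned /dev with no group/other write bit" as "the user cannot write in /dev" is a simplifying assumption.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumption: /dev is trustworthy only if root owns it and neither group
 * nor other may write to it, so no unprivileged user can plant names there. */
static int dev_dir_is_sane(void)
{
    struct stat sb;

    if (lstat("/dev", &sb) != 0 || !S_ISDIR(sb.st_mode))
        return 0;
    return sb.st_uid == 0 && (sb.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Hypothetical daemon-side check: return 1 if a session-start record for
 * `tty` may be accepted from the peer whose real uid is `uid`, else 0. */
int may_log_session_start(const char *tty, uid_t uid)
{
    struct stat sb;

    if (tty == NULL || strncmp(tty, "/dev/", 5) != 0)
        return 0;                 /* only names below /dev are ttys */
    if (strstr(tty, "..") != NULL)
        return 0;                 /* refuse ".." instead of resolving it */
    if (!dev_dir_is_sane())
        return 0;
    if (lstat(tty, &sb) != 0)     /* lstat: a symlink is never accepted */
        return 0;
    if (!S_ISCHR(sb.st_mode))
        return 0;                 /* must be a character device */
    return sb.st_uid == uid;      /* the requester must own the tty */
}

int main(int argc, char **argv)
{
    /* Stand-alone use: check the given path (or our own tty) for our uid. */
    const char *tty = argc > 1 ? argv[1] : ttyname(STDIN_FILENO);

    printf("%s: %s\n", tty ? tty : "(no tty)",
           may_log_session_start(tty, getuid()) ? "accept" : "reject");
    return 0;
}
```

This only decides whether a record can be attributed to the requester; it places no limit on how many records are written, which is the /var concern raised in the reply.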