Date: Thu, 04 Jan 2001 14:30:04 -0500 From: Daniel Hagan <dhagan@colltech.com> To: Guy Helmer <ghelmer@palisadesys.com>, freebsd-security@freebsd.org, freebsd-audit@freebsd.org Subject: Re: ftpd and anonymous setup (modified ftpd) Message-ID: <3A54CF3C.98CA7BF@colltech.com> References: <Pine.LNX.4.21.0101041311230.10523-100000@magellan.palisadesys.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Guy Helmer wrote: > Does this do what I think it does -- it appears if I login as a "ro" user, > then login again as a different (not "ro") user, the session will still be > "ro"? Granted, this doesn't happen often, but it seems to violate POLA... Yes, this is the way it works given this patch (it's also explicitly mentioned in the patch to the man page). If you reset the read-only setting here, you need to make a different flag for login.conf read-only caps and the -r read-only setting (since -r is daemon wide and should never be modified at run-time). If people think the POLA effect will be significant enough, I suppose I can rewrite the patch to do that instead. Daniel To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A54CF3C.98CA7BF>