Date: Tue, 5 Jun 2012 16:06:28 +0200
From: Ed Schouten
To: Bryan Drewery
Cc: freebsd-hackers@freebsd.org
Subject: Re: [RFC] last(1) with security.bsd.see_other_uids support

Hi Bryan,

2012/6/4 Bryan Drewery:
> * Added utmp group

Why call it utmp? FreeBSD 9+ does not do utmp. It does utmpx. Also, too many pieces of software already abuse the group `utmp'. Instead of doing utmp handling with it, it is used to cover all sorts of "this uses TTYs" scenarios. It wouldn't amaze me if even irssi has setuid utmp on some systems, simply because it runs on a TTY.

Also, there's no need for consistency. This group name would only be used by the C library to apply ownership, the log rotator and some of our tools.

Still, I wonder whether it's worth the effort. In its current form, you can simply chmod 0600 the utx.* files to hide the information inside from non-administrative users. I guess you can essentially decide to make any tool setuid, simply because it can print things referring to a user. For example, why not have a tool that allows regular users to view their own auth.log entries?

> @@ -212,7 +255,30 @@ struct idtab { > =C2=A0 =C2=A0 =C2=A0 =C2=A0/* Load the last entries from the file. */ > =C2=A0 =C2=A0 =C2=A0 =C2=A0if (setutxdb(UTXDB_LOG, file) !=3D 0) > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0err(1, "%s", file)= ; > + > + =C2=A0 =C2=A0 =C2=A0 /* drop setgid now that the db is open */ > + =C2=A0 =C2=A0 =C2=A0 setgid(getgid()); > + > + =C2=A0 =C2=A0 =C2=A0 /* Lookup current user information */ > + =C2=A0 =C2=A0 =C2=A0 pw =3D getpwuid(getuid()); > + > + =C2=A0 =C2=A0 =C2=A0 len =3D sizeof(see_other_uids); > + =C2=A0 =C2=A0 =C2=A0 if (sysctlbyname("security.bsd.see_other_uids", &s= ee_other_uids, &len, > NULL, 0)) > + =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 see_other_uids =3D 0; > + =C2=A0 =C2=A0 =C2=A0 restricted =3D is_user_restricted(pw, see_other_ui= ds); > + > =C2=A0 =C2=A0 =C2=A0 =C2=A0while ((ut =3D getutxent()) !=3D NULL) { > + =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 /* Skip this entry if = the invoking user is not permitted > + =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0* to see it */ > + =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 if (restricted && > + =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 !(ut->ut_type =3D=3D BOOT_TIME || > + =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ut->ut_type =3D=3D SHUTDOWN_TIME || > + =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ut->ut_type =3D=3D OLD_TIME || > + =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ut->ut_type =3D=3D NEW_TIME || > + =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ut->ut_type =3D=3D INIT_PROCESS) && > + =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 strncmp(ut->ut_user, pw->pw_name, sizeof(ut->ut_user))) > + =C2=A0 =C2=A0 
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 continue; > + > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0if (amount % 128 = =3D=3D 0) { > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0buf =3D realloc(buf, (amount + 128) * sizeof *ut); > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0if (buf =3D=3D NULL) >

Though not a common case, this code will not work properly when multiple users share the same uid. Consider comparing against the username of the logged in user (see getlogin(2)), or resolving the uid for each entry and comparing the uids.

Best regards,
--
Ed Schouten
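
Review bot: The result of pw = getpwuid(getuid()) is never checked for NULL, yet pw->pw_name is dereferenced in the strncmp() inside the getutxent() loop, so an invoking uid with no passwd entry crashes the tool instead of producing a clean error. Exit with errx() when the lookup fails, before is_user_restricted() is called. The setgid(getgid()) call just above it also ignores its return value; since that line is where the setgid privilege is meant to be dropped, check the result and exit on failure so the rest of the program cannot continue with the elevated group.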
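
The shared-uid case raised at the end of the message above, as an added example that is not part of the patch or of the original message. The account table, the log entries and all function names are constructed, the two lookup helpers stand in for getpwuid(3) and getpwnam(3), and names are compared as plain NUL-terminated strings.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed passwd table: "alice" and "alice2" share uid 1001. */
static const struct acct { const char *name; uid_t uid; } accts[] = {
	{ "alice", 1001 }, { "alice2", 1001 }, { "bob", 1002 },
};
#define NACCTS (sizeof(accts) / sizeof(accts[0]))

/* Stand-in for getpwuid(3): first name found for a uid, or NULL. */
static const char *uid_to_name(uid_t uid) {
	for (size_t i = 0; i < NACCTS; i++)
		if (accts[i].uid == uid)
			return accts[i].name;
	return NULL;
}

/* Stand-in for getpwnam(3): uid for a name, or -1 if it is unknown. */
static long name_to_uid(const char *name) {
	for (size_t i = 0; i < NACCTS; i++)
		if (strcmp(accts[i].name, name) == 0)
			return (long)accts[i].uid;
	return -1;
}

/* Constructed ut_user values from a login log; "gone" was deleted. */
static const char *log_users[] = { "alice", "alice2", "bob", "alice2", "gone" };
#define NLOG (sizeof(log_users) / sizeof(log_users[0]))

/* Entries shown when filtering on the name the uid lookup returned. */
static int shown_by_name(uid_t invoker) {
	const char *me = uid_to_name(invoker);
	int n = 0;
	for (size_t i = 0; me != NULL && i < NLOG; i++)
		n += strcmp(log_users[i], me) == 0;
	return n;
}

/* Entries shown when each name is resolved to a uid; unknown names stay hidden. */
static int shown_by_uid(uid_t invoker) {
	int n = 0;
	for (size_t i = 0; i < NLOG; i++)
		n += name_to_uid(log_users[i]) == (long)invoker;
	return n;
}

int main(void) {
	printf("uid 1001: by name %d, by uid %d\n", shown_by_name(1001), shown_by_uid(1001));
}
```

A user who logged in as alice2 is filtered on the name alice under the first check and so does not see their own two sessions; the uid comparison shows all three entries that belong to uid 1001.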