Date: Tue, 05 Jun 2012 09:30:26 -0500
From: Bryan Drewery <bryan@shatow.net>
To: Ed Schouten <ed@80386.nl>
Cc: freebsd-hackers@freebsd.org
Subject: Re: [RFC] last(1) with security.bsd.see_other_uids support
Message-ID: <4FCE1802.9050509@shatow.net>
In-Reply-To: <CAJOYFBDip7142X_pviYFp527u-DXTY-eYObd_oHasRSV9FRwxw@mail.gmail.com>
References: <4FCC126C.1020600@shatow.net> <CAJOYFBDip7142X_pviYFp527u-DXTY-eYObd_oHasRSV9FRwxw@mail.gmail.com>

On 6/5/2012 9:06 AM, Ed Schouten wrote:
> Hi Bryan,
>
> 2012/6/4 Bryan Drewery <bryan@shatow.net>:
>> * Added utmp group
>
> Why call it utmp? FreeBSD 9+ does not do utmp. It does utmpx. Also,
> too many pieces of software already abuse the group `utmp'. Instead of
> doing utmp handling with it, it is used to cover all sorts of "this
> uses TTYs" scenarios. It wouldn't amaze me if even irssi has setuid
> utmp on some systems, simply because it runs on a TTY. Also, there's
> no need for consistency. This group name would only be used by the C
> library to apply ownership, the log rotator and some of our tools.
>
Yeah I considered naming it utx or utmpx. It doesn't matter to me really.
> Still, I wonder whether it's worth the effort. In its current form,
> you can simply chmod 0600 the utx.* files to hide the information
> inside to non-administrative users. I guess you can essentially decide
> to make any tool setuid, simply because it can print things referring
> to a user. For example, why not have a tool that allows regular users
> to view their own auth.log entries?
Yes. It's worth the effort because I am willing and able to work on it
and as a shared hosting provider, I am constantly asked for access to
this information. It makes sense to provide users access to their own data.
I also plan to expand similar effort elsewhere.
>
>> @@ -212,7 +255,30 @@ struct idtab {
>> /* Load the last entries from the file. */
>> if (setutxdb(UTXDB_LOG, file) != 0)
>> err(1, "%s", file);
>> +
>> + /* drop setgid now that the db is open */
>> + setgid(getgid());
>> +
>> + /* Lookup current user information */
>> + pw = getpwuid(getuid());
>> +
>> + len = sizeof(see_other_uids);
>> + if (sysctlbyname("security.bsd.see_other_uids", &see_other_uids, &len,
>> NULL, 0))
>> + see_other_uids = 0;
>> + restricted = is_user_restricted(pw, see_other_uids);
>> +
>> while ((ut = getutxent()) != NULL) {
>> + /* Skip this entry if the invoking user is not permitted
>> + * to see it */
>> + if (restricted &&
>> + !(ut->ut_type == BOOT_TIME ||
>> + ut->ut_type == SHUTDOWN_TIME ||
>> + ut->ut_type == OLD_TIME ||
>> + ut->ut_type == NEW_TIME ||
>> + ut->ut_type == INIT_PROCESS) &&
>> + strncmp(ut->ut_user, pw->pw_name, sizeof(ut->ut_user)))
>> + continue;
>> +
>> if (amount % 128 == 0) {
>> buf = realloc(buf, (amount + 128) * sizeof *ut);
>> if (buf == NULL)
>>
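Review bot: the result of setgid(getgid()), right after the setutxdb() check, is ignored, so if the group drop fails the getutxent() loop keeps running with the setgid group still in effect; suggest failing hard there, e.g. if (setgid(getgid()) != 0) err(1, "setgid"). The same goes for pw = getpwuid(getuid()): it can return NULL, and pw is then passed to is_user_restricted() and dereferenced as pw->pw_name in the strncmp() filter, so check it before computing restricted.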
>
> Though not a common case, this code will not work properly when
> multiple users share the same uid. Consider comparing against the
> username of the logged in user (see getlogin(2)), or resolving the uid
> for each entry and comparing the uids.
Good find.
>
> Best regards,
Thanks for the input!
--
Regards,
Bryan Drewery
bdrewery@freenode, bryan@EFNet
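
The second option Ed suggests above (resolve the uid for each entry and compare uids), as an added example that is not part of the original thread or of the patch. The names entry_visible, uid_lookup_fn, lookup_passwd, lookup_sample and UT_USER_LEN are hypothetical, the accounts are constructed sample data, and hiding records of accounts that no longer resolve is a choice made here.

```c
#include <pwd.h>
#include <string.h>
#include <sys/types.h>

#define UT_USER_LEN 32	/* assumed width; real code uses sizeof(ut->ut_user) */

/* Name -> uid resolver, injectable: lookup_passwd for real use, lookup_sample for the demo. */
typedef int (*uid_lookup_fn)(const char *name, uid_t *uid);

int lookup_passwd(const char *name, uid_t *uid)
{
	struct passwd *pw = getpwnam(name);
	if (pw != NULL)
		*uid = pw->pw_uid;
	return (pw != NULL ? 0 : -1);
}

/* Constructed accounts: "alice" and "alice-ftp" share uid 1001. */
static const struct { const char *name; uid_t uid; } sample_db[] = {
	{ "alice", 1001 }, { "alice-ftp", 1001 }, { "bob", 1002 },
};

int lookup_sample(const char *name, uid_t *uid)
{
	for (size_t i = 0; i < sizeof(sample_db) / sizeof(sample_db[0]); i++)
		if (strcmp(sample_db[i].name, name) == 0) {
			*uid = sample_db[i].uid;
			return (0);
		}
	return (-1);
}

/* Returns 1 when the record's user resolves to the viewer's uid, else 0. */
int entry_visible(const char *ut_user, size_t len, uid_t viewer, uid_lookup_fn lookup)
{
	char name[UT_USER_LEN + 1];
	uid_t owner;
	size_t n;
	/* ut_user may lack a terminating NUL, so copy with a bound. */
	for (n = 0; n < len && n < UT_USER_LEN && ut_user[n] != '\0'; n++)
		name[n] = ut_user[n];
	name[n] = '\0';
	/* Unknown or removed account: hide the record (fail closed). */
	return (lookup(name, &owner) == 0 && owner == viewer);
}

int main(void)
{
	char rec[UT_USER_LEN] = "alice-ftp";	/* constructed record */
	return (entry_visible(rec, sizeof(rec), 1001, lookup_sample) ? 0 : 1);
}
```

A viewer with uid 1001 sees records written under either "alice" or "alice-ftp", which a strncmp() against a single pw_name would split.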
