Date:      Tue, 05 Jun 2012 09:30:26 -0500
From:      Bryan Drewery <bryan@shatow.net>
To:        Ed Schouten <ed@80386.nl>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: [RFC] last(1) with security.bsd.see_other_uids support
Message-ID:  <4FCE1802.9050509@shatow.net>
In-Reply-To: <CAJOYFBDip7142X_pviYFp527u-DXTY-eYObd_oHasRSV9FRwxw@mail.gmail.com>
References:  <4FCC126C.1020600@shatow.net> <CAJOYFBDip7142X_pviYFp527u-DXTY-eYObd_oHasRSV9FRwxw@mail.gmail.com>


On 6/5/2012 9:06 AM, Ed Schouten wrote:
> Hi Bryan,
>
> 2012/6/4 Bryan Drewery <bryan@shatow.net>:
>> * Added utmp group
>
> Why call it utmp? FreeBSD 9+ does not do utmp. It does utmpx. Also,
> too many pieces of software already abuse the group `utmp'. Instead of
> doing utmp handling with it, it is used to cover all sorts of "this
> uses TTYs" scenarios. It wouldn't amaze me if even irssi has setuid
> utmp on some systems, simply because it runs on a TTY. Also, there's
> no need for consistency. This group name would only be used by the C
> library to apply ownership, the log rotator and some of our tools.
>

Yeah I considered naming it utx or utmpx. It doesn't matter to me really.


> Still, I wonder whether it's worth the effort. In its current form,
> you can simply chmod 0600 the utx.* files to hide the information
> inside to non-administrative users. I guess you can essentially decide
> to make any tool setuid, simply because it can print things referring
> to a user. For example, why not have a tool that allows regular users
> to view their own auth.log entries?

Yes. It's worth the effort because I am willing and able to work on it
and as a shared hosting provider, I am constantly asked for access to
this information. It makes sense to provide users access to their own data.

I also plan to expand similar effort elsewhere.

>
>> @@ -212,7 +255,30 @@ struct idtab {
>>        /* Load the last entries from the file. */
>>        if (setutxdb(UTXDB_LOG, file) !=3D 0)
>>                err(1, "%s", file);
>> +
>> +       /* drop setgid now that the db is open */
>> +       setgid(getgid());
>> +
>> +       /* Lookup current user information */
>> +       pw =3D getpwuid(getuid());
>> +
>> +       len =3D sizeof(see_other_uids);
>> +       if (sysctlbyname("security.bsd.see_other_uids", &see_other_uid=
s, &len,
>> NULL, 0))
>> +               see_other_uids =3D 0;
>> +       restricted =3D is_user_restricted(pw, see_other_uids);
>> +
>>        while ((ut =3D getutxent()) !=3D NULL) {
>> +               /* Skip this entry if the invoking user is not permitt=
ed
>> +                * to see it */
>> +               if (restricted &&
>> +                       !(ut->ut_type =3D=3D BOOT_TIME ||
>> +                               ut->ut_type =3D=3D SHUTDOWN_TIME ||
>> +                               ut->ut_type =3D=3D OLD_TIME ||
>> +                               ut->ut_type =3D=3D NEW_TIME ||
>> +                               ut->ut_type =3D=3D INIT_PROCESS) &&
>> +                       strncmp(ut->ut_user, pw->pw_name, sizeof(ut->u=
t_user)))
>> +                       continue;
>> +
>>                if (amount % 128 =3D=3D 0) {
>>                        buf =3D realloc(buf, (amount + 128) * sizeof *u=
t);
>>                        if (buf =3D=3D NULL)
>>
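
Review bot: the result of setgid(getgid()) after setutxdb() is never checked, so a failed drop leaves the rest of the run, including the getutxent() loop, with the setgid group still in effect; test the return value and call err(1, "setgid") on failure. The same applies to pw = getpwuid(getuid()), which can return NULL and is later dereferenced as pw->pw_name in the strncmp() inside the loop.
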
>
> Though not a common case, this code will not work properly when
> multiple users share the same uid. Consider comparing against the
> username of the logged in user (see getlogin(2)), or resolving the uid
> for each entry and comparing the uids.

Good find.

>
> Best regards,

Thanks for the input!

-- 
Regards,
Bryan Drewery
bdrewery@freenode, bryan@EFNet
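
The shared-uid case raised in the quoted review, as an added example that is not part of the original message or the patch: it contrasts the hunk's name comparison with resolving each record's user to a uid. The account table is constructed and stands in for getpwuid(3)/getpwnam(3); the names `visible_by_name`, `visible_by_uid` and `USER_LEN` are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define USER_LEN 32 /* stands in for sizeof(ut->ut_user) */

/* Constructed account table: two names share uid 0, modelled on root/toor. */
struct acct { const char *name; uid_t uid; };
static const struct acct accts[] = {
    { "root", 0 }, { "toor", 0 }, { "alice", 1001 }, { "bob", 1002 },
};
#define NACCTS (sizeof(accts) / sizeof(accts[0]))

/* Stand-in for getpwuid(3): returns the first name that maps to the uid. */
static const char *uid_to_name(uid_t uid)
{
    for (size_t i = 0; i < NACCTS; i++)
        if (accts[i].uid == uid)
            return accts[i].name;
    return NULL;
}

/* Name comparison as in the quoted hunk: record name vs. getpwuid() name. */
static int visible_by_name(const char *rec_user, uid_t caller)
{
    const char *me = uid_to_name(caller);
    return me != NULL && strncmp(rec_user, me, USER_LEN) == 0;
}

/* Resolve the record's user to a uid (stand-in for getpwnam(3)) and compare
 * uids. Names that no longer resolve stay hidden from restricted users. */
static int visible_by_uid(const char *rec_user, uid_t caller)
{
    for (size_t i = 0; i < NACCTS; i++)
        if (strncmp(accts[i].name, rec_user, USER_LEN) == 0)
            return accts[i].uid == caller;
    return 0;
}

int main(void)
{
    const char *recs[] = { "root", "toor", "alice", "ghost" }; /* constructed */
    for (size_t i = 0; i < sizeof(recs) / sizeof(recs[0]); i++)
        printf("%-5s as uid 0: by_name=%d by_uid=%d\n", recs[i],
            visible_by_name(recs[i], 0), visible_by_uid(recs[i], 0));
    return 0;
}
```

With the name check, a session recorded as `toor` is hidden from the uid 0 caller because the uid resolves to `root` first; the uid check shows it while still hiding other uids and unresolvable names.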




