Message-ID: <4FCE1802.9050509@shatow.net>
Date: Tue, 05 Jun 2012 09:30:26 -0500
From: Bryan Drewery
To: Ed Schouten
Cc: freebsd-hackers@freebsd.org
Subject: Re: [RFC] last(1) with security.bsd.see_other_uids support

On 6/5/2012 9:06 AM, Ed Schouten wrote:
> Hi Bryan,
>
> 2012/6/4 Bryan Drewery:
>> * Added utmp group
>
> Why call it utmp? FreeBSD 9+ does not do utmp. It does utmpx. Also,
> too many pieces of software already abuse the group `utmp'. Instead of
> doing utmp handling with it, it is used to cover all sorts of "this
> uses TTYs" scenarios. It wouldn't amaze me if even irssi has setuid
> utmp on some systems, simply because it runs on a TTY. Also, there's
> no need for consistency. This group name would only be used by the C
> library to apply ownership, the log rotator and some of our tools.
>

Yeah I considered naming it utx or utmpx. It doesn't matter to me really.

> Still, I wonder whether it's worth the effort. In its current form,
> you can simply chmod 0600 the utx.* files to hide the information
> inside to non-administrative users. I guess you can essentially decide
> to make any tool setuid, simply because it can print things referring
> to a user. For example, why not have a tool that allows regular users
> to view their own auth.log entries?

Yes.
It's worth the effort because I am willing and able to work on it and as a shared hosting provider, I am constantly asked for access to this information. It makes sense to provide users access to their own data. I also plan to expand similar effort elsewhere.

>
>> @@ -212,7 +255,30 @@ struct idtab { >> /* Load the last entries from the file. */ >> if (setutxdb(UTXDB_LOG, file) !=3D 0) >> err(1, "%s", file); >> + >> + /* drop setgid now that the db is open */ >> + setgid(getgid()); >> + >> + /* Lookup current user information */ >> + pw =3D getpwuid(getuid()); >> + >> + len =3D sizeof(see_other_uids); >> + if (sysctlbyname("security.bsd.see_other_uids", &see_other_uid= s, &len, >> NULL, 0)) >> + see_other_uids =3D 0; >> + restricted =3D is_user_restricted(pw, see_other_uids); >> + >> while ((ut =3D getutxent()) !=3D NULL) { >> + /* Skip this entry if the invoking user is not permitt= ed >> + * to see it */ >> + if (restricted && >> + !(ut->ut_type =3D=3D BOOT_TIME || >> + ut->ut_type =3D=3D SHUTDOWN_TIME || >> + ut->ut_type =3D=3D OLD_TIME || >> + ut->ut_type =3D=3D NEW_TIME || >> + ut->ut_type =3D=3D INIT_PROCESS) && >> + strncmp(ut->ut_user, pw->pw_name, sizeof(ut->u= t_user))) >> + continue; >> + >> if (amount % 128 =3D=3D 0) { >> buf =3D realloc(buf, (amount + 128) * sizeof *u= t); >> if (buf =3D=3D NULL) >>
>
> Though not a common case, this code will not work properly when
> multiple users share the same uid. Consider comparing against the
> username of the logged in user (see getlogin(2)), or resolving the uid
> for each entry and comparing the uids.

Good find.

>
> Best regards,

Thanks for the input!
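Review bot: the `setgid(getgid())` added right after the `setutxdb()` check ignores its return value, so a failed drop leaves last(1) running with the extra group still in effect; test the result and `err(1, "setgid")` on failure. In the same hunk, `pw` from `getpwuid(getuid())` is never checked for NULL before it is passed to `is_user_restricted()` and dereferenced as `pw->pw_name` in the loop's `strncmp`, so an invoking uid with no passwd entry would crash here; exit with an error when the lookup fails.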
--
Regards,
Bryan Drewery
bdrewery@freenode, bryan@EFNet
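The shared-uid case raised in the quoted review, as an added example that is not part of the original message or the patch: it contrasts matching records on the single name a uid resolves to with the suggested alternative of resolving each record's name and comparing uids. The account table, the log records and the `lookup()` helper (a stand-in for getpwuid(3)/getpwnam(3)) are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed stand-in for the passwd database: two names share uid 1001. */
struct acct { const char *name; uid_t uid; };
static const struct acct accts[] = { { "alice", 1001 }, { "alice_ftp", 1001 }, { "bob", 1002 } };
/* Constructed ut_user values of four login records. */
static const char *const recs[] = { "alice", "alice_ftp", "bob", "alice_ftp" };
#define NELEM(a) (sizeof(a) / sizeof((a)[0]))

/* Hypothetical helper: by name when name != NULL (getpwnam-like),
 * otherwise the first account with this uid (getpwuid-like). */
static const struct acct *lookup(const char *name, uid_t uid)
{
	for (size_t i = 0; i < NELEM(accts); i++)
		if (name != NULL ? strcmp(accts[i].name, name) == 0 : accts[i].uid == uid)
			return &accts[i];
	return NULL;
}

/* Filter in the style of the quoted hunk: match on the one name the uid maps to. */
size_t visible_by_name(uid_t invoker)
{
	const struct acct *pw = lookup(NULL, invoker);
	size_t n = 0;
	for (size_t i = 0; pw != NULL && i < NELEM(recs); i++)
		if (strcmp(recs[i], pw->name) == 0)
			n++;
	return n;
}

/* Alternative from the reply: resolve each record's name and compare uids. */
size_t visible_by_uid(uid_t invoker)
{
	size_t n = 0;
	for (size_t i = 0; i < NELEM(recs); i++) {
		const struct acct *e = lookup(recs[i], 0);
		if (e != NULL && e->uid == invoker)	/* unresolvable names stay hidden */
			n++;
	}
	return n;
}

int main(void)
{
	printf("uid 1001: by name %zu, by uid %zu\n", visible_by_name(1001), visible_by_uid(1001));
	return 0;
}
```

With the name-based filter, a user logged in as `alice_ftp` sees only the `alice` record and none of their own; the uid comparison returns all three records owned by uid 1001.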