Date: Wed, 6 Jun 2012 13:20:12 +0200
From: Pawel Jakub Dawidek
To: Jilles Tjoelker
Cc: freebsd-hackers@freebsd.org, Bryan Drewery
Subject: Re: [RFC] last(1) with security.bsd.see_other_uids support
Message-ID: <20120606112011.GB1381@garage.freebsd.pl>
References: <4FCC126C.1020600@shatow.net> <20120605213101.GA13339@stack.nl>
In-Reply-To: <20120605213101.GA13339@stack.nl>

On Tue, Jun 05, 2012 at 11:31:01PM +0200, Jilles Tjoelker wrote:
> Also, the attack surface of such a daemon may be smaller than that of a
> setuid/setgid program.

Really? I don't see that. With the current patch and setgid to utmp the
process can only read some files that don't even contain very sensitive
data (like passwords). Any privileged daemon is a much bigger threat.
Also, do we really want a daemon running all the time just to be able to
parse utx files?

> Alternatively, the daemon could be a setgid program that is spawned by
> the utmpx APIs when needed.

Still seems a bit too far for my taste. Spawning a daemon somewhere from
within a library doesn't sound like a good idea to me... At least until we
have something like launchd that can start such services on demand.

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://tupytaj.pl