Date: Wed, 25 Sep 2002 12:40:23 -0700 (PDT) From: Jason Stone <jason-fbsd-security@shalott.net> To: <freebsd-security@FreeBSD.ORG> Subject: Re: screen question/problem. Message-ID: <20020925123015.Y11323-100000@walter> In-Reply-To: <20020925144631.E90374-100000@cithaeron.argolis.org>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Screen likes to be root so it can do things like update utmp (or wtmp, > whichever). I've been wondering about this for a while - on my personal systems, I've always created a group wtmp and made utmp/wtmp/lastlog group wtmp, group writable, and screen, xterm, etc, setgid wtmp instead of setuid root. This seems to me to preserve that portion of the functionality (I know that screen also likes to be setuid root for other reasons) while being substantially safer than having everything just be setuid root. Am I missing something? Are there other implications to using a wtmp group and setgid binaries? I think that this would be a nice change to make to the base system if it's reasonable to do so. -Jason ----------------------------------------------------------------------- I worry about my child and the Internet all the time, even though she's too young to have logged on yet. Here's what I worry about. I worry that 10 or 15 years from now, she will come to me and say "Daddy, where were you when they took freedom of the press away from the Internet?" -- Mike Godwin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: See https://private.idealab.com/public/jason/jason.gpg iD8DBQE9khEnswXMWWtptckRAjjjAJ9hkCgYyKKH+qeZRHKNdloQ1SLkVQCgry8u fA9+H2QI1m17qLq3vJaSnRo= =2mTl -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020925123015.Y11323-100000>