From: Jason Stone
Date: Wed, 25 Sep 2002 12:40:23 -0700 (PDT)
Subject: Re: screen question/problem.
In-Reply-To: <20020925144631.E90374-100000@cithaeron.argolis.org>
Message-ID: <20020925123015.Y11323-100000@walter>
List: freebsd-security

> Screen likes to be root so it can do things like update utmp (or wtmp,
> whichever).

I've been wondering about this for a while - on my personal systems, I've
always created a group wtmp and made utmp/wtmp/lastlog group wtmp, group
writable, and screen, xterm, etc, setgid wtmp instead of setuid root.

This seems to me to preserve that portion of the functionality (I know
that screen also likes to be setuid root for other reasons) while being
substantially safer than having everything just be setuid root.

Am I missing something? Are there other implications to using a wtmp
group and setgid binaries? I think that this would be a nice change to
make to the base system if it's reasonable to do so.

-Jason

-----------------------------------------------------------------------
I worry about my child and the Internet all the time, even though she's
too young to have logged on yet. Here's what I worry about. I worry that
10 or 15 years from now, she will come to me and say "Daddy, where were
you when they took freedom of the press away from the Internet?"
  -- Mike Godwin
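
An added example, not part of the original message: a small POSIX sh audit for the layout the post describes, reporting whether a binary is still setuid or is setgid to the accounting group, and whether a log file is group-writable without being world-writable. The function names and the `report` driver are hypothetical; the group name and all paths are supplied by the caller.

```shell
#!/bin/sh
# Audit helper for a "group wtmp + setgid binaries" layout (added example).
# Nothing here is FreeBSD base-system code; group and paths are arguments.

# in_group FILE GROUP: true if FILE's group is GROUP (name or numeric gid).
in_group() { [ -n "$(find "$1" -prune -group "$2" 2>/dev/null)" ]; }

# has_perm FILE BITS: true if every permission bit in BITS is set on FILE.
has_perm() { [ -n "$(find "$1" -prune -perm -"$2" 2>/dev/null)" ]; }

# classify_bin FILE GROUP: how does this binary gain privilege?
classify_bin() {
    if [ -u "$1" ]; then
        echo "setuid"                # setuid bit set: runs as the file owner
    elif [ -g "$1" ] && in_group "$1" "$2"; then
        echo "setgid-ok"             # gains only GROUP's access
    elif [ -g "$1" ]; then
        echo "setgid-other-group"    # setgid, but to a different group
    else
        echo "plain"                 # no privilege bits: cannot update utmp
    fi
}

# classify_log FILE GROUP: can GROUP, and only the owner and GROUP, write it?
classify_log() {
    if has_perm "$1" 002; then
        echo "world-writable"        # any user could forge login records
    elif ! in_group "$1" "$2"; then
        echo "wrong-group"
    elif ! has_perm "$1" 020; then
        echo "not-group-writable"    # setgid binaries could not update it
    else
        echo "ok"
    fi
}

# report GROUP FILE...: executables are checked as binaries, the rest as logs.
report() {
    grp=$1; shift
    for f in "$@"; do
        if [ -x "$f" ]; then echo "$f: $(classify_bin "$f" "$grp")"
        else echo "$f: $(classify_log "$f" "$grp")"; fi
    done
}

# Run as: sh audit.sh GROUP FILE...   (audit.sh is a hypothetical file name)
if [ "$#" -ge 2 ]; then report "$@"; fi
```

A binary that is both setuid and setgid is reported as `setuid`, since the setuid bit is the one the scheme is meant to remove.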