From owner-freebsd-security Sat Sep 1 8:21: 3 2001 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id BE82837B409; Sat, 1 Sep 2001 08:20:55 -0700 (PDT) Received: from localhost (arr@localhost) by fledge.watson.org (8.11.6/8.11.5) with SMTP id f81FKo022547; Sat, 1 Sep 2001 11:20:50 -0400 (EDT) (envelope-from arr@watson.org) Date: Sat, 1 Sep 2001 11:20:50 -0400 (EDT) From: "Andrew R. Reiter" To: Robert Watson Cc: freebsd-audit@FreeBSD.org, freebsd-security@FreeBSD.org Subject: Re: setlogincontext() modifications. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Actually yes... as of 4.4-RC, the following utilize setusercontext(): ftpd/ftpd.c: setusercontext(lc, pw, (uid_t)0, LOGIN_SETLOGIN|LOGIN_SETGROUP|LOGIN_SETPRIORITY| LOGIN_SETRESOURCES|LOGIN_SETUMASK); /* and code to reset */ rshd/rshd.c: if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETALL) != 0) On Fri, 31 Aug 2001, Robert Watson wrote: :I guess my response would actually be surprise that it isn't used already. ::-) Do those use setusercontext() at all? : :Robert N M Watson FreeBSD Core Team, TrustedBSD Project :robert@fledge.watson.org NAI Labs, Safeport Network Services : :On Wed, 22 Aug 2001, Andrew R. Reiter wrote: : :> Hi, :> :> I plan on doing some patches for adding setlogincontext() calls to: :> :> libexec/: :> atrun/atrun.c :> ftpd/ftpd.c :> rshd/rshd.c :> uucpd/uucpd.c :> :> as an initial step towards seeing how people react. If people can perhaps :> recommend a couple more from other parts of the tree that I could write :> patches for, that would be great. I ask this so that I can perhaps get a :> bit more of a reaction from some people as this type of patch will effect :> some network daemons etc... :> :> Thanks, :> :> Andrew :> :> *-------------................................................. :> | Andrew R. Reiter :> | arr@fledge.watson.org :> | "It requires a very unusual mind :> | to undertake the analysis of the obvious" -- A.N. Whitehead :> :> :> To Unsubscribe: send mail to majordomo@FreeBSD.org :> with "unsubscribe freebsd-audit" in the body of the message :> : : *-------------................................................. | Andrew R. Reiter | arr@fledge.watson.org | "It requires a very unusual mind | to undertake the analysis of the obvious" -- A.N. Whitehead To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message