Date: Thu, 23 Dec 1999 19:34:10 -0600 (CST) From: Jay Nelson <noslenj@swbell.net> To: security@freebsd.org Subject: setuid and cmdtool? Message-ID: <Pine.BSF.4.05.9912231847360.958-100000@acp.swbell.net>
next in thread | raw e-mail | index | archive | help
My question is about making the xview based cmdtool run safely suid root so that utmp is updated. As it is, cmdtool does not have the authority to write to utmp. cmdtool is more of a wrapper for xview -- all the terminal functions come from the xview libraries. To make it work, it looks like I would have to run suid root, but it would take changes to both cmdtool and the xview library to restrict access to the real user id. Since it hasn't been done, I'm probably overlooking something obvious so I'm looking for some one to show me the problems. If I seteuid root just before the utmp update and setreuid just after the update in xview, any risk seems minimal since any calling function without root access couldn't execute seteuid to root if the calling program were not suid root. If I run cmdtool suid root, I gain the ability to switch to root in xview for the utmp update, but would have to set the effective uid to the real id as the first instruction in cmdtool. It looks like this would get utmp updated without unreasonable exposure. Is this reasonable? What holes would I open up? On the other hand, is there any practical value to logging pseudo terminals to utmp? Thanks -- Jay To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9912231847360.958-100000>