Date: Tue, 4 Sep 2001 19:47:11 +0300 From: Ruslan Ermilov <ru@FreeBSD.org> To: Warner Losh <imp@FreeBSD.org>, Bruce Evans <bde@FreeBSD.org>, Kris Kennaway <kris@FreeBSD.org>, Mark Murray <markm@FreeBSD.org> Cc: audit@FreeBSD.org Subject: Re: wall -g is broken Message-ID: <20010904194711.I1669@sunbay.com> In-Reply-To: <20010903192449.B29616@sunbay.com>; from ru@FreeBSD.org on Mon, Sep 03, 2001 at 07:24:49PM %2B0300 References: <20010903201909.C29616@sunbay.com> <20010903192449.B29616@sunbay.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Unless I hear any intentions to review these patches, I am going to commit them tomorrow morning, local time. I know that your time is limited, but it would be nice to know if you ever going to review this. If so, please tell me your review's deadline. Thanks, On Mon, Sep 03, 2001 at 07:24:49PM +0300, Ruslan Ermilov wrote: > Hi! > > As the subject line says, ``wall -g'' appears to be broken. > > I feel somewhat confused, as the original list of reviewers > looks quite amazing: imp, bde, kris, markm, audit@. > > The use of the getgroups(3) function is unproven since: > > 1) Its first argument should specify the array size, and > is of type `int', not `gid_t'. > > 2) The code gives false matches and does not produce the > required matches. Instead of checking the membership > of each line's owner in the -g list of groups, the > code gives a match if at least one of the -g groups > matches those of the process's groups, as returned > by getgroups(). Thus, > > wall -g `id -gn` > > will match the entire ttys(5). > > The attached patch fixes this. > > Please _REALLY_ review this now! > > <PS> > This bug was obtained from OpenBSD, but without mentioning > this in the commit log's ``Obtained from: '' field. The > bug is still present in OpenBSD. > </PS> On Mon, Sep 03, 2001 at 08:19:09PM +0300, Ruslan Ermilov wrote: > Hi! > > The attached patch replaces the ``wall -g'' functionality built > into dump(8) directly with the call to wall(1), thus making it > possible to drop the ``setgid tty'' privilege. > > The DIALUP check was weak, and was also removed. > > The patch is based on the OpenBSD's work. > > <PS> > I've posted another message to the -audit that makes ``wall -g'' > really work. > </PS> -- Ruslan Ermilov Oracle Developer/DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010904194711.I1669>