Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 04 Jan 2001 14:30:04 -0500
From:      Daniel Hagan <dhagan@colltech.com>
To:        Guy Helmer <ghelmer@palisadesys.com>, freebsd-security@freebsd.org, freebsd-audit@freebsd.org
Subject:   Re: ftpd and anonymous setup (modified ftpd)
Message-ID:  <3A54CF3C.98CA7BF@colltech.com>
References:  <Pine.LNX.4.21.0101041311230.10523-100000@magellan.palisadesys.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Guy Helmer wrote:
> Does this do what I think it does -- it appears if I login as a "ro" user,
> then login again as a different (not "ro") user, the session will still be
> "ro"?  Granted, this doesn't happen often, but it seems to violate POLA...

Yes, this is the way it works given this patch (it's also explicitly
mentioned in the patch to the man page).  If you reset the read-only
setting here, you need to make a different flag for login.conf read-only
caps and the -r read-only setting (since -r is daemon wide and should
never be modified at run-time).  If people think the POLA effect will be
significant enough, I suppose I can rewrite the patch to do that
instead.

Daniel


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A54CF3C.98CA7BF>