From owner-freebsd-security Wed Oct 4 11:48:37 2000 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id C4DE837B66D for ; Wed, 4 Oct 2000 11:48:34 -0700 (PDT) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id OAA08769; Wed, 4 Oct 2000 14:48:30 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Wed, 4 Oct 2000 14:48:29 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: cjclark@alum.mit.edu Cc: freebsd-security@freebsd.org Subject: Re: Fwd: eth-security : ANNOUNCE : Resources no for ALL In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 4 Oct 2000, Robert Watson wrote: > /etc/rc: (cd /var/run && cp /dev/null utmp && chmod 644 > utmp;) It turns out their install script and rc patch modifications do this, although that isn't documented. However, they don't handle the newsyslog changes for wtmp, and their use of setgid displays a misunderstanding of how process credentials are managed in the kernel. This implementation worries me a bit, and I'm a little surprised they didn't post to freebsd-security requesting review before posting to bugtraq. All in all, I wouldn't recommend using these changes until they can be properly reviewed. Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message