From owner-freebsd-audit Wed Sep 5 8:44:15 2001 Delivered-To: freebsd-audit@freebsd.org Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65]) by hub.freebsd.org (Postfix) with ESMTP id C67F037B40B; Wed, 5 Sep 2001 08:44:02 -0700 (PDT) Received: (from ru@localhost) by whale.sunbay.crimea.ua (8.11.2/8.11.2) id f85Fhxs83604; Wed, 5 Sep 2001 18:43:59 +0300 (EEST) (envelope-from ru) Date: Wed, 5 Sep 2001 18:43:59 +0300 From: Ruslan Ermilov To: security@FreeBSD.org Cc: audit@FreeBSD.org Subject: Re: dropping ``setgid tty'' in dump(8) Message-ID: <20010905184359.X96906@sunbay.com> References: <20010903201909.C29616@sunbay.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010903201909.C29616@sunbay.com>; from ru@FreeBSD.org on Mon, Sep 03, 2001 at 08:19:09PM +0300 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG This and that patches have been committed. On Mon, Sep 03, 2001 at 08:19:09PM +0300, Ruslan Ermilov wrote: > Hi! > > The attached patch replaces the ``wall -g'' functionality built > into dump(8) directly with the call to wall(1), thus making it > possible to drop the ``setgid tty'' privilege. > > The DIALUP check was weak, and was also removed. > > The patch is based on the OpenBSD's work. > > > I've posted another message to the -audit that makes ``wall -g'' > really work. > -- Ruslan Ermilov Oracle Developer/DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message