From owner-freebsd-security Mon Aug 20 0:33:10 2001 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 5369D37B40F; Mon, 20 Aug 2001 00:33:00 -0700 (PDT) (envelope-from arr@watson.org) Received: from localhost (arr@localhost) by fledge.watson.org (8.11.5/8.11.5) with SMTP id f7K7Wwn37668; Mon, 20 Aug 2001 03:32:58 -0400 (EDT) (envelope-from arr@watson.org) Date: Mon, 20 Aug 2001 03:32:57 -0400 (EDT) From: "Andrew R. Reiter" To: Robert Watson Cc: audit@freebsd.org, security@freebsd.org Subject: Re: login_cap In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Cool, a response :-) I actually didn't know about setlogincontext() until you mentioned it now. After browsing the login_class.c source, this does seem like a good thing to utilize -- perhaps a patch to the man page would help too. I wonder if it's wise if we come up with a list of pieces of code that we should start moving setlogincontext() into? My first shot would be to go for the set{u,g}id program and network daemons. Thoughts? Cheers, Andrew On Sun, 19 Aug 2001, Robert Watson wrote: : :Would this make use of the setlogincontext() code in libutil? If so, I'd :be very happy to see that used more pervasively through the system. In :particular, using LOGIN_SETALL with appropriate bits substracted, rather :than specifying individual bits. The reasoning for this is that my MAC :code uses a new LOGIN_SETLABEL flag, and I noticed a number of existing :uses of setlogincontext() that set only specific bits but leave out parts :of the context setup. Likewise, places in the system where uids/etc are :manually configured, resulting in incorrect setting of additional groups, :resource limits, etc. Given that appropriate enforcement of system :resource limits is now vital to maintaining multi-user systems, being :consistent about enforcing them in all situations is very important. : :Robert N M Watson FreeBSD Core Team, TrustedBSD Project :robert@fledge.watson.org NAI Labs, Safeport Network Services : :On Fri, 17 Aug 2001, Andrew R. Reiter wrote: : :> Hey, :> :> Im wondering if there's any real interest for patches to be made for some :> services so that they do login class, etc authentication? Such an example :> would be for atrun.c in libexec/atrun/. :> :> In my opinion, it is probably worth doing and getting commited, but if no :> one would commit the patches, I dont see a point in doing them :-) :> :> btw, if you're unfamiliar with login caps, check out login_cap(3) and :> login_class(3). :> :> Andrew :> :> *-------------................................................. :> | Andrew R. Reiter :> | arr@fledge.watson.org :> | "It requires a very unusual mind :> | to undertake the analysis of the obvious" -- A.N. Whitehead :> :> :> To Unsubscribe: send mail to majordomo@FreeBSD.org :> with "unsubscribe freebsd-security" in the body of the message :> : : *-------------................................................. | Andrew R. Reiter | arr@fledge.watson.org | "It requires a very unusual mind | to undertake the analysis of the obvious" -- A.N. Whitehead To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message