Date: Sun, 04 Nov 2001 11:28:00 +0100 From: Poul-Henning Kamp <phk@freebsd.org> To: arch@freebsd.org Subject: /etc/ttys, /var/run/utmp, ttyslot(3) and {get|put}utx* API Message-ID: <15786.1004869680@critter.freebsd.dk>
next in thread | raw e-mail | index | archive | help
While thinking about the new cloning behaviour of the PTY driver, my attention again crossed the /etc/ttys vs /var/run/utmp mess. Briefly speaking, all tty devices must be prelisted in /etc/ttys, if they are not, no record will be made in /var/run/utmp and consequently, the user will not show up in who(1). This is a minor security issue. A particular tty's entry in /var/run/utmp is determined by its index in the /etc/ttys file, so if you edit /etc/ttys and change the order, insert or delete a record, you screw up your /var/run/utmp. This is just ugly. To complicate matters, some sessions, like ftp, rsync, scp, ppp and so on should also be registered, but are not reliably so. This is just sloppy, and a minor security hazzle. I guess the correct solution is to implement the Single Unix "{get|put}utx" API backed by a db(3) file. http://www.opengroup.org/onlinepubs/007908799/xsh/endutxent.html Any comments ? -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15786.1004869680>