Date:      Wed, 6 Jun 2012 13:20:12 +0200
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        Jilles Tjoelker <jilles@stack.nl>
Cc:        freebsd-hackers@freebsd.org, Bryan Drewery <bryan@shatow.net>
Subject:   Re: [RFC] last(1) with security.bsd.see_other_uids support
Message-ID:  <20120606112011.GB1381@garage.freebsd.pl>
In-Reply-To: <20120605213101.GA13339@stack.nl>
References:  <4FCC126C.1020600@shatow.net> <20120605213101.GA13339@stack.nl>

On Tue, Jun 05, 2012 at 11:31:01PM +0200, Jilles Tjoelker wrote:
> Also, the attack surface of such a daemon may be smaller than that of a
> setuid/setgid program.

Really? I don't see that. With the current patch and setgid to utmp the
process can only read some files that don't even contain very sensitive
data (like passwords).

Any privileged daemon is a much bigger threat. Also, do we really want a
daemon running all the time just to be able to parse utx files?

> Alternatively, the daemon could be a setgid program that is spawned by
> the utmpx APIs when needed.

Still seems a bit too far for my taste. Spawning a daemon somewhere from
within a library doesn't sound like a good idea to me... At least until we
have something like launchd that can start such services on demand.

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://tupytaj.pl
