Bug#698590: Bogus attempt at security via file permissions?
Package: libutempter0
Version: 1.1.5-4
Severity: normal
Hi,
utempter ships as follows:
% ls -laR /usr/lib/utempter
/usr/lib/utempter:
total 24
drwxr-xr-x 2 root utempter 4096 Sep 2 06:54 ./
drwxr-xr-x 48 root root 12288 Sep 2 06:54 ../
-rwxr-sr-x 2 root utmp 7024 Feb 21 2011 utempter*
Perhaps the idea was to restrict access to the setgid utempter binary to
members of the utempter group? But then the directory permissions should be
0710 or similar.
If not, then having the utempter group seems pointless.
Best regards,
--
Andras Korn <korn at elan.rulez.org>
I just got my phone bill. Buy AT&T stock now!
Reply to: