[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: /dev/ttyS? dialin/dialout and modes.

In article <[🔎] 19970429234816.23828@dungeon.inka.de>,
Andreas Jellinghaus <aj@dungeon.inka.de> wrote:
>> Nonetheless I'm almost convinced the tty devices need not be owned by uucp.
>in which situations will uucico break, if uucico is not sgid dialout and
>uucp is in group dialout ?
>all cron jobs will be fine, and uucico will only spawn, if caller is in
>group dialout (i'm not sure on this) ?

There are some situations where you want people to be in a seperate
group uucp, so they can run "uucp", "uucico" etc but you do not
want to give them access to all dialout devices. If uucico is setgid
uucp, that's impossible.

Likewise you can come up with more situations.

However by now I think this problem has more to do with the limitations
of the general Unix file permissions. The next release of the ext2
file system, to be included in the Linux 2.1.x tree will have ACLs
(access control lists) which are probably a better way to solve the problem.

>so, in which situations will uucico not work, and is this a bad thing ?

uucico will work, and after I studied the source I'm now pretty sure it
isn't a security hole to run uucico both setuid uucp and setgid dialout.

>(i understand know, that uucico will break in some situations, if it is
>not sgid dialout, tty* belong to root, and uucp is in group dialout.
>but : will it be a bad thing, that it breaks in some cases ?

That's the $64000 question, right..

>i'm not sure, but every cron job will work ok, and if someone starts
>uucico, it will only be able to dial out, if the caller is in group
>dialout (sine calling uucico doesn't do initgroup, the groups of the
>caller are still active ?). in that case, it wouldn't be a bad thing.

Sure unless you want everybody in group dialout to be able to call uucico..
However at this moment uucico is world executable so everybody can call
it anyway. I have to change that in the next release.

But the same is ofcourse true for ifmail etc. so maybe uucp shouldn't
have a priviliged situation at all, and it's better to find a more
general solution in time (like ACLs).

Another solution would be to move uucico to /usr/lib/uucp, make
/usr/lib/uucp user/group uucp mode 770, and make uucico setuid uucp,
setgid dialout, world executable. This would still have the effect that
only people/programs/daemons in group uucp can call uucico.

|    Miquel van      |  "I need more space" "Well, why not move to Texas" |
| miquels@cistron.nl |  "No, on my account, stupid." "Stupid? Uh-oh.."    |
|   PGP fingerprint: FE 66 52 4F CD 59 A5 36  7F 39 8B 20 F1 D6 74 02     |

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to: