Re: utmp group proposal
At 03:19 +0200 1999-05-09, Wichert Akkerman wrote:
> To solve this I propose we create an utmp group and put in
> policy that programs that want to modify the utmp should be setgid utmp
> instead of setuid root (unless root is needed for other purposes of
> course).
This seems like *such* an obvious solution to so many problems that I
find myself perplexed why this hasn't done before, by others. Which
makes me wonder if there aren't some security issues involved? I'm
not a security expert, but I'd like to feel sure that this is secure
before we institute it as policy. So, I'd like to have the proposal
vetted by someone who *is* a security expert before we act on it.
If there are no security issues (and I'm easy to persuade on this),
then I'll change my objection to a hearty endorsement. :-)
--
Chris Waters xtifr@dsp.net | I have a truly elegant proof of the
or xtifr@debian.org | above, but it is too long to fit into
http://www.dsp.net/xtifr | this .signature file.
Reply to: