[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Permissions Required On hosts.allow ?

Joe Moore wrote:
> Jamie Heilman wrote:
> > Joe Moore wrote:
> >> As to your later message:
> >> setgroups() and initgroups() are not necessary.  Already UID telnetd
> >> is able to write to /var/run/utmp because of its membership in GID
> >> utmp.
> > 
> > Huh?
> Telnetd does not run as root.  However, it needs to write login entries into
> /var/run/utmp.  How does it do this?  The UID telnetd is listed as a group
> member of group "utmp".  The /var/run/utmp file is owned root:utmp, and is
> group-writable.  in.telnetd can write utmp entries.

OK, but this in no way makes setgroups() unnecessary, which is why I
was confused by your earlier statement.  telnetd's privileges are
bestowed by the inetd process, using, amongst other things,

> >> If /etc/hosts.allow is unreadable, and /etc/hosts.deny has
> >> ALL:ALL, tcpwrap will prevent all connections.  This is desirable
> >> if you want a more secure system.
> > 
> > List every daemon explicitly.  Don't rely on the side effects of
> > misconfiguration to do something that the framework already
> > allows.
> This side-effect is not a primary purpose.

I'm not debating if its primary or not, I'm mearly pointing out you
aren't adding extra security to the system that wasn't already present
in the stock configuration.

> It would be just as easy for the malicious user to not link
> libtcpwrap.so into their executable.

This malicious user scenario is a strawman, there is no need to
discuss it.  Accidental daemon starting is, unfortunately, a bit more
relevant given Debian's policy to run whatever has been installed by
default.  (Note, I'm not challenging this policy, it is what it is.)
Jamie Heilman                   http://audible.transient.net/~jamie/
"Paranoia is a disease unto itself, and may I add, the person standing
 next to you may not be who they appear to be, so take precaution."
						-Sathington Willoughby

Reply to: