Re: Permissions Required On hosts.allow ?
Joe Moore wrote:
> Jamie Heilman wrote:
> > Joe Moore wrote:
> >> As to your later message:
> >> setgroups() and initgroups() are not necessary. Already UID telnetd
> >> is able to write to /var/run/utmp because of its membership in GID
> >> utmp.
> > Huh?
> Telnetd does not run as root. However, it needs to write login entries into
> /var/run/utmp. How does it do this? The UID telnetd is listed as a group
> member of group "utmp". The /var/run/utmp file is owned root:utmp, and is
> group-writable. in.telnetd can write utmp entries.
OK, but this in no way makes setgroups() unnecessary, which is why I
was confused by your earlier statement. telnetd's privileges are
bestowed by the inetd process, using, amongst other things,
> >> If /etc/hosts.allow is unreadable, and /etc/hosts.deny has
> >> ALL:ALL, tcpwrap will prevent all connections. This is desirable
> >> if you want a more secure system.
> > List every daemon explicitly. Don't rely on the side effects of
> > misconfiguration to do something that the framework already
> > allows.
> This side-effect is not a primary purpose.
I'm not debating if its primary or not, I'm mearly pointing out you
aren't adding extra security to the system that wasn't already present
in the stock configuration.
> It would be just as easy for the malicious user to not link
> libtcpwrap.so into their executable.
This malicious user scenario is a strawman, there is no need to
discuss it. Accidental daemon starting is, unfortunately, a bit more
relevant given Debian's policy to run whatever has been installed by
default. (Note, I'm not challenging this policy, it is what it is.)
Jamie Heilman http://audible.transient.net/~jamie/
"Paranoia is a disease unto itself, and may I add, the person standing
next to you may not be who they appear to be, so take precaution."