
Re: Permissions Required On hosts.allow ?



On Fri, Aug 30, 2002 at 08:53:09AM -0600, Joe Moore wrote:
> Actually, your realization is wrong.  The definitions in /etc/group add a
> supplementary GID to the UID telnetd.  There is no change needed in the
> application or sgid bits.  The OS handles the initgroups() call.

Buzz.  The OS does not enforce that when you're running as user
telnetd, you have telnetd's supplementary groups.  initgroups(3) or
setgroups(2) must be called by every application that wants to set
up supplementary groups.  It may be that every application you care
about does this--but the next one may not (which is probably a bug,
but it happens).

Meditate on this and you'll realize what a horrific kluge is unix
security.  :-)

Andrew
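
The point made in the reply above, shown as an added example that is not part of the original message: a daemon started as root has to install the service account's supplementary groups itself before it gives up root, and can check the result afterwards. The helper names `gid_subset` and `drop_to_user` are hypothetical, the account name comes from the command line, and the code assumes Linux with glibc.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* glibc: expose initgroups(), getgrouplist() */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 1 if every gid in a[] also appears in b[], else 0. */
int gid_subset(const gid_t *a, int na, const gid_t *b, int nb)
{
    for (int i = 0; i < na; i++) {
        int found = 0;
        for (int j = 0; j < nb && !found; j++)
            found = (a[i] == b[j]);
        if (!found) return 0;
    }
    return 1;
}

/* Drop from root to `user` (hypothetical helper). 0 on success, -1 on failure.
 * Order: groups, then gid, then uid; after setuid() the process can no
 * longer change its groups. */
int drop_to_user(const char *user)
{
    gid_t want[64], have[64];   /* fails closed for accounts in >64 groups */
    int nwant = 64, nhave;
    struct passwd *pw = getpwnam(user);
    if (pw == NULL || pw->pw_uid == 0) return -1;
    /* Replace the inherited supplementary groups with those the group
     * database lists for `user`; nothing does this implicitly on setuid(). */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0) return -1;
    if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) return -1;
    /* Verify the resulting group list against the group database. */
    if (getgrouplist(pw->pw_name, pw->pw_gid, want, &nwant) < 0) return -1;
    if ((nhave = getgroups(64, have)) < 0) return -1;
    if (!gid_subset(want, nwant, have, nhave)) return -1;
    if (!gid_subset(have, nhave, want, nwant)) return -1;
    if (setuid(0) == 0) return -1;   /* root must not be recoverable */
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s ACCOUNT\n", argv[0]); return 2; }
    if (drop_to_user(argv[1]) != 0) { fprintf(stderr, "drop failed\n"); return 1; }
    printf("uid=%d, supplementary groups verified\n", (int)getuid());
    return 0;
}
```

Leaving out the `initgroups()` line still lets `setgid()` and `setuid()` succeed, but the process keeps whatever supplementary groups it inherited from root, which the verification step then reports as a failure.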


