Date:      Sun, 04 Nov 2001 11:28:00 +0100
From:      Poul-Henning Kamp <phk@freebsd.org>
To:        arch@freebsd.org
Subject:   /etc/ttys, /var/run/utmp, ttyslot(3) and {get|put}utx* API
Message-ID:  <15786.1004869680@critter.freebsd.dk>

While thinking about the new cloning behaviour of the PTY driver,
my attention again crossed the /etc/ttys vs /var/run/utmp mess.

Briefly speaking, all tty devices must be prelisted in /etc/ttys;
if they are not, no record will be made in /var/run/utmp and
consequently, the user will not show up in who(1).

This is a minor security issue.

A particular tty's entry in /var/run/utmp is determined by its index
in the /etc/ttys file, so if you edit /etc/ttys and change the
order, insert or delete a record, you screw up your /var/run/utmp.

This is just ugly.

To complicate matters, some sessions, like ftp, rsync, scp, ppp and
so on should also be registered, but are not reliably so.

This is just sloppy, and a minor security hassle.

I guess the correct solution is to implement the Single Unix
"{get|put}utx" API backed by a db(3) file.

    http://www.opengroup.org/onlinepubs/007908799/xsh/endutxent.html

Any comments?

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
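
The two failure modes described in the message above, as an added example that is not part of the original e-mail or of FreeBSD's libc: a simplified C model in which a record's position is the tty's index in the listing, as with ttyslot(3). The struct, the function names and the sample tty and user names are constructed for illustration.

```c
/* Simplified model (not libc code) of slot-indexed utmp records. */
#include <stdio.h>
#include <string.h>
#define NSLOTS 8
struct rec { char line[8]; char user[8]; };  /* cut-down stand-in for struct utmp */
/* Constructed sample data: a ttys listing before and after it is reordered. */
static const char *ttys_before[] = { "console", "ttyv0", "ttyv1", NULL };
static const char *ttys_after[]  = { "console", "ttyv1", "ttyv0", NULL };

/* Like ttyslot(3): 1-based position of the line in the listing, 0 if unlisted. */
static int slot_of(const char **ttys, const char *line) {
    for (int i = 0; ttys[i] != NULL; i++)
        if (strcmp(ttys[i], line) == 0) return i + 1;
    return 0;
}
/* Write the record at the slot's index; return the slot, or 0 if none was written. */
static int record_login(struct rec *utmp, const char **ttys,
                        const char *line, const char *user) {
    int s = slot_of(ttys, line);
    if (s <= 0 || s >= NSLOTS) return 0;
    snprintf(utmp[s].line, sizeof utmp[s].line, "%s", line);
    snprintf(utmp[s].user, sizeof utmp[s].user, "%s", user);
    return s;
}
/* What a who(1)-style scan of all records sees: 1 if any record names the user. */
static int visible(const struct rec *utmp, const char *user) {
    for (int s = 1; s < NSLOTS; s++)
        if (strcmp(utmp[s].user, user) == 0) return 1;
    return 0;
}

/* Case 1: a login on a tty missing from the listing leaves no record. */
int unlisted_tty_visible(void) {
    struct rec utmp[NSLOTS] = {0};
    record_login(utmp, ttys_before, "ttyp9", "carol");
    return visible(utmp, "carol");
}

/* Case 2: alice logs in, the listing is reordered, bob logs in on another tty. */
int alice_visible_after_reorder(void) {
    struct rec utmp[NSLOTS] = {0};
    record_login(utmp, ttys_before, "ttyv0", "alice");  /* slot 2 */
    record_login(utmp, ttys_after, "ttyv1", "bob");     /* also slot 2: overwrites */
    return visible(utmp, "alice");
}
int main(void) {
    printf("%d %d\n", unlisted_tty_visible(), alice_visible_after_reorder());
    return 0;
}
```

In both cases a session that is still live is absent from the scan, which is the accounting gap the message calls a minor security issue.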
