From owner-freebsd-hackers@FreeBSD.ORG  Tue Oct 21 13:08:33 2003
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3BB3D16A4B3
	for <hackers@freebsd.org>; Tue, 21 Oct 2003 13:08:33 -0700 (PDT)
Received: from mail.silverwraith.com (66-214-182-79.la-cbi.charterpipeline.net
	[66.214.182.79])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E5A3343FAF
	for <hackers@freebsd.org>; Tue, 21 Oct 2003 13:08:30 -0700 (PDT)
	(envelope-from avleen@silverwraith.com)
Received: from avleen by mail.silverwraith.com with local (Exim 4.22)
	id 1AC2nq-0000sW-Sx; Tue, 21 Oct 2003 13:08:26 -0700
Date: Tue, 21 Oct 2003 13:08:26 -0700
From: Avleen Vig <lists-freebsd@silverwraith.com>
To: Kris Kennaway <kris@obsecurity.org>
Message-ID: <20031021200826.GS792@silverwraith.com>
References: <20031020134532.B63978@demos.bsdclusters.com>
	<20031021163038.GA66101@rot13.obsecurity.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20031021163038.GA66101@rot13.obsecurity.org>
User-Agent: Mutt/1.5.4i
Sender: Avleen Vig <avleen@silverwraith.com>
cc: hackers@freebsd.org
cc: Kip Macy <kmacy@fsmware.com>
Subject: Re: process checkpoint restore facility now in DragonFly BSD
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Oct 2003 20:08:33 -0000

On Tue, Oct 21, 2003 at 09:30:38AM -0700, Kris Kennaway wrote:
> > Please note that there are *SEVERE* security issues with this module.
> > The module is not loaded into the kernel by default and, when loaded,
> > can only be used by users in the wheel group.
> 
> Why the wheel group?  Until now, the only special privilege this group
> has is that users are allowed to su to root, if they knew the
> password.  It looks like now you've removed the root password barrier
> and allow anyone in the wheel group to manipulate processes to obtain
> root without a password :-)

If you don't want them getting root, don't put them in wheel? ;-)
<ducks>

-- 
Avleen Vig
Systems Administrator
Personal: www.silverwraith.com
EFnet:    irc.mindspring.com (Earthlink user access only)