Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 4 Sep 2001 19:47:11 +0300
From:      Ruslan Ermilov <ru@FreeBSD.org>
To:        Warner Losh <imp@FreeBSD.org>, Bruce Evans <bde@FreeBSD.org>, Kris Kennaway <kris@FreeBSD.org>, Mark Murray <markm@FreeBSD.org>
Cc:        audit@FreeBSD.org
Subject:   Re: wall -g is broken
Message-ID:  <20010904194711.I1669@sunbay.com>
In-Reply-To: <20010903192449.B29616@sunbay.com>; from ru@FreeBSD.org on Mon, Sep 03, 2001 at 07:24:49PM %2B0300
References:  <20010903201909.C29616@sunbay.com> <20010903192449.B29616@sunbay.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Unless I hear any intentions to review these patches, I am
going to commit them tomorrow morning, local time.

I know that your time is limited, but it would be nice to
know if you ever going to review this.  If so, please tell
me your review's deadline.

Thanks,

On Mon, Sep 03, 2001 at 07:24:49PM +0300, Ruslan Ermilov wrote:
> Hi!
> 
> As the subject line says, ``wall -g'' appears to be broken.
> 
> I feel somewhat confused, as the original list of reviewers
> looks quite amazing: imp, bde, kris, markm, audit@.
> 
> The use of the getgroups(3) function is unproven since:
> 
> 1)  Its first argument should specify the array size, and
>     is of type `int', not `gid_t'.
> 
> 2)  The code gives false matches and does not produce the
>     required matches.  Instead of checking the membership
>     of each line's owner in the -g list of groups, the
>     code gives a match if at least one of the -g groups
>     matches those of the process's groups, as returned
>     by getgroups().  Thus,
> 
> 	wall -g `id -gn`
> 
>     will match the entire ttys(5).
> 
> The attached patch fixes this.
> 
> Please _REALLY_ review this now!
> 
> <PS>
> This bug was obtained from OpenBSD, but without mentioning
> this in the commit log's ``Obtained from: '' field.  The
> bug is still present in OpenBSD.
> </PS>

On Mon, Sep 03, 2001 at 08:19:09PM +0300, Ruslan Ermilov wrote:
> Hi!
> 
> The attached patch replaces the ``wall -g'' functionality built
> into dump(8) directly with the call to wall(1), thus making it
> possible to drop the ``setgid tty'' privilege.
> 
> The DIALUP check was weak, and was also removed.
> 
> The patch is based on the OpenBSD's work.
> 
> <PS>
> I've posted another message to the -audit that makes ``wall -g''
> really work.
> </PS>




-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010904194711.I1669>