From owner-freebsd-audit Sat Jan 20 3: 0:36 2001
Delivered-To: freebsd-audit@freebsd.org
Received: from gratis.grondar.za (grouter.grondar.za [196.7.18.65]) by hub.freebsd.org (Postfix) with ESMTP id 251AC37B401; Sat, 20 Jan 2001 03:00:14 -0800 (PST)
Received: from grondar.za (root@gratis.grondar.za [196.7.18.133]) by gratis.grondar.za (8.11.1/8.11.1) with ESMTP id f0KB01I52565; Sat, 20 Jan 2001 13:00:06 +0200 (SAST) (envelope-from mark@grondar.za)
Message-Id: <200101201100.f0KB01I52565@gratis.grondar.za>
To: Kris Kennaway
Cc: audit@FreeBSD.ORG
Subject: Re: openpty(8) helper app
References: <20010120011948.A37806@citusc17.usc.edu>
In-Reply-To: <20010120011948.A37806@citusc17.usc.edu> ; from Kris Kennaway "Sat, 20 Jan 2001 01:19:48 PST."
Date: Sat, 20 Jan 2001 13:00:07 +0200
From: Mark Murray
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> For a long time now I've been wanting to fix openpty(3) to work
> correctly for non-root users, i.e. to change the ownership and file
> permissions so that it is secure for non-root callers (presently it's
> a big security hole that ptys obtained will still be world
> readable/writable, so applications cannot use them securely).
>
> Then I discovered bin/9770, which is a solution to this problem which
> has existed for almost 2 years :-)
>
> Here's the patch - please review carefully:

Generally speaking, this is a method that I like very much. Rather than making a family of utils insecure by making them setuid, focus the setuid-needs on the minimum secure setuid applet that you can and have the previously setuid family of apps call the new, focussed app.

Modulo the man-pages, this looks very cool. The man pages need to be modernised a bit.

I can see a great need (and I have code to do it) to do something very similar to allow passwd(1), chfn(1) etc to be non-setuid.

M
--
Mark Murray
Warning: this .sig is umop ap!sdn
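
The pattern discussed in this message (one small setuid helper instead of a family of setuid programs) can be sketched as follows. This is an added example, not the bin/9770 patch or any FreeBSD code. It assumes the POSIX `ptsname()` interface rather than the BSD pty naming of 2001, a caller that passes the pty master on descriptor 3, and mode 0600 for the slave; `secure_slave` and `MASTER_FD` are hypothetical names.

```c
/* Added example: minimal setuid-root pty helper (illustrative only). */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 600   /* for ptsname() */
#endif
#include <sys/types.h>
#include <sys/stat.h>
#include <stdlib.h>
#include <unistd.h>

#define MASTER_FD 3   /* assumption: caller passes the pty master on fd 3 */

/*
 * Give the slave of the pty whose master is `master_fd` to `uid`, mode 0600.
 * Holding the master proves the caller allocated this pty, and the slave
 * name comes from the system via ptsname(), never from caller-supplied text.
 * Returns 0 on success, -1 on any failure.
 */
int secure_slave(int master_fd, uid_t uid)
{
    struct stat st;
    const char *slave = ptsname(master_fd);    /* NULL unless fd is a pty master */

    if (slave == NULL)
        return -1;
    if (stat(slave, &st) != 0 || !S_ISCHR(st.st_mode))
        return -1;                             /* must be a character device */
    if (chown(slave, uid, (gid_t)-1) != 0)     /* owner = caller, group kept */
        return -1;
    if (chmod(slave, S_IRUSR | S_IWUSR) != 0)  /* no group/world access */
        return -1;
    return 0;
}

/* The helper reads no arguments and no environment: its only input is fd 3. */
int main(void)
{
    uid_t caller = getuid();                   /* real uid: who invoked us */
    int rc = secure_slave(MASTER_FD, caller);

    /* Drop root for good before exiting or doing anything else. */
    if (setuid(caller) != 0)
        return EXIT_FAILURE;
    return rc == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

Installed setuid root, the helper is the only privileged code; a library routine such as openpty(3) would fork, place the master on descriptor 3 and exec it.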