Date: Tue, 26 Nov 1996 19:24:03 -0700 (MST) From: Marc Slemko <marcs@znep.com> To: "Daniel O'Callaghan" <danny@panda.hilink.com.au> Cc: hackers@freebsd.org Subject: Re: Replacing sendmail (Re: non-root users binding to ports < 1024 (was: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2 Message-ID: <Pine.BSF.3.95.961126191506.5108D-100000@alive.ampr.ab.ca> In-Reply-To: <Pine.BSF.3.91.961126090845.1781I-100000@panda.hilink.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
...and one thing that many people don't consider is that having login setuid root can make accounting based on wtmp files (and anything based on utmp files) inaccurate. eg. user@host$ w 6:66PM up 8 days, 6:66, 2 users, load averages: 6.66, 6.66, 6.66 USER TTY FROM LOGIN@ IDLE WHAT user p0 host 7:17PM - w user@host$ sh -c login login: user2 Password: user2@host$ exit user@host$ w 6:66PM up 8 days, 6:66, 2 users, load averages: 6.66, 6.66, 6.66 USER TTY FROM LOGIN@ IDLE WHAT user2 p0 - 7:17PM - w user@host$ last -2 user2 ttyp0 Tue Nov 26 19:18 still logged in user ttyp0 host Tue Nov 26 19:17 - 19:18 (00:01) On Tue, 26 Nov 1996, Daniel O'Callaghan wrote: > > > On Mon, 25 Nov 1996, Terry Lambert wrote: > > > [ ... sendmail ... ] > > > > > It is also the most used/public suid program in the world, subject to > > > the most scrutinity (and attack). > > > > login? > > Came up a couple of months ago. login only needs to be suid root so > someone can log in again by executing 'login' rather than logging out, or > logging back in. It also is a candidate for "set me suid root only if > needed." > > Danny >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.961126191506.5108D-100000>