Re: Setuid and setgid files

From: Patrick Duane Dunston (duane@sukkha.homeip.net)
Date: 01/10/02 

Date: Thu, 10 Jan 2002 08:51:11 -0500 (EST)
From: Patrick Duane Dunston <duane@sukkha.homeip.net>
To: <security-discuss@linuxsecurity.com>

THANKS!!! 8-)

> In old Unices like SunOS 4 file like /etc/utmp (or /var/run/utmp) would
> be world-writable. This file keeps records related to logins and logouts.
> "strace -o tmp_file who" to see this in liunx.
>
> "wall" commands get issued to logged-in users on their terminals as
> determined from this file. A shortcoming of a world-writable file was
> that "wall" output could get written to other files by making entries
> that pretend they are a current terminal.
>
> utempter performs the utmp edits automatically as directed by login or
> PAM or whatever without allowing you to fill the file with junk or hide
> by erasing records of your current session. I don't know in more detail
> how it works but (apart from maybe a PAM interface) I'd imagine it's pretty
> simple in the source.
> ------------------------------------------------------------------------
> To unsubscribe email security-discuss-request@linuxsecurity.com
> with "unsubscribe" in the subject of the message.
> 

-- 
duane

--

GnuPG Public Key:  http://sukkha.homeip.net/pgp.html

--

Fun reading:  8-)
http://linuxtoday.com/search.php3?author=Duane:Dunston

------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.