[Pkg-shadow-devel] Bug#505071: and Bug#505271 comments

Paul Szabo psz at maths.usyd.edu.au
Sun Nov 23 05:56:17 UTC 2008


Random comments about bugs 505071 and 505271.

Group utmp was introduced so terminal emulators could be setgid instead
of needing setuid root, to prevent bugs in them from escalating to root
access. Terminal emulators are generally not written with security in
mind, being the "more features the better" type of programs. This bug
negates the benefit of the group utmp separation. Any data controllable
by group utmp should be treated as insecure or possibly hostile.

Seems that login attempts to pick the "right" line of the utmp file.
Funny idea, seeing how pututline will whack the entry "anywhere"
(depending on ut_id which are rather arbitrary and irrelevant).

If login wanted to sanitize left-over utmp entries, then it should set what
ttyname thinks is the correct ut_line (and what it thinks is a sensible
ut_id), not perpetuate "wrong" settings.

Privileged programs should not attempt to clean up utmp, root can do
that at his leisure e.g. with "echo -n '' > /var/run/utmp".

Cheers,

Paul Szabo   psz at maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia
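
Added example, not part of the original message and not code from the shadow package: a sketch of the approach the message argues for, deriving the expected ut_line from the path ttyname() returns and treating the stored utmp field as untrusted, fixed-size data. The helper names, the 32-byte field size and the strict NUL-padding check are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define LINE_FIELD 32  /* assumed size of ut_line (UT_LINESIZE on glibc) */

/* Derive the ut_line value from the path ttyname() returned: the part after
 * "/dev/". Returns 0 on success, -1 if the path is not a usable tty path. */
int line_from_tty(const char *tty_path, char *out, size_t outsz)
{
    static const char dev[] = "/dev/";
    size_t n;

    if (tty_path == NULL || strncmp(tty_path, dev, sizeof dev - 1) != 0)
        return -1;
    tty_path += sizeof dev - 1;
    n = strlen(tty_path);
    if (n == 0 || n >= outsz || n > LINE_FIELD || strstr(tty_path, "..") != NULL)
        return -1;
    memcpy(out, tty_path, n + 1);
    return 0;
}

/* Compare a stored ut_line field with the tty-derived value. The field is
 * fixed-size and may lack a terminating NUL, so strcmp() is never used on it. */
int stored_line_matches(const char field[LINE_FIELD], const char *expected)
{
    size_t n = strlen(expected);

    if (n > LINE_FIELD || memcmp(field, expected, n) != 0)
        return 0;
    /* Anything after the name must be NUL padding (strict choice made here). */
    for (; n < LINE_FIELD; n++)
        if (field[n] != '\0')
            return 0;
    return 1;
}

int main(void)
{
    char want[LINE_FIELD + 1], stale[LINE_FIELD] = "pts/7"; /* constructed entry */

    if (line_from_tty("/dev/pts/3", want, sizeof want) != 0)
        return 1;
    printf("expected ut_line: %s, stored entry %s\n", want,
           stored_line_matches(stale, want) ? "agrees" : "disagrees, overwrite it");
    return 0;
}
```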




