SUMMARY - 2 - Re: /etc/utmp

Date: Wed Jun 16 1993 - 08:25:19 CDT

When I tried to summarise a discussion on writeable /etc/utmp files
I passed on the suggestion of using set gid.

>"I changed utmp permissions, and made sure anything that needed to write to
>utmp was in the same group, and made it group writeable.
>I had no problems with it from then."

with the comment

>I have not tried this but it looks like quite a good idea.

I have been told by (Per Hedeland) that this is NOT
a good idea

>No it isn't - among the programs that "need" to write utmp are
>shelltool/cmdtool - if you make these set-gid to enable them to write
>utmp, they will gladly pass on the set-gid-ness to the shell that they
>typically start, and of course then the user can write utmp to his
>heart's content from that shell or any program started by it - i.e. you
>might just as well leave it world-writable.

