Re: utmp and friends

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jun 26, 2007 at 06:26:39PM -0400, Bill Nottingham wrote:
> Miroslav Lichvar (mlichvar@xxxxxxxxxx) said: 
> > The problem is that setgid binaries have some environment variables
> > like LD_LIBRARY_PATH and TMPDIR removed. I got bugs #229360 #243069
> > reported for xterm. Unfortunately I can't fix it unless utempter is
> > accessible without setgid. Do we really need to protect the file from
> > bad applications?
> > 
> > Gnome-terminal, on the other hand, uses gnome-pty-helper binary that
> > has utmp setgid. The binary is not hidden and every application can
> > make entries in the utmp file.
> > 
> > To have some consistency, either gnome-pty-helper needs to be also
> > made accessible only to the utempter group and gnome-terminal is made
> > setgid or utemper is made accessible to everyone and xterm drops setgid.
> 
> The entire idea of utempter is so that the terminal *doesn't* need to be
> setgid - if it's setgid, what's the point of a helper?

Well, the terminal doesn't need to be setgid utmp, but only utempter.
Setgid utempter allows only adding/removing entries in utmp while
setgid utmp allows unrestricted access.

The question is, should users be allowed to add entries in utmp
without starting a terminal emulator?

-- 
Miroslav Lichvar

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux