> BTW, anybody know what utempter is used for and how it is used?
rpm -q utempter
...
Utempter is a utility which allows some non-privileged programs to
have required root access without compromising system
security. Utempter accomplishes this feat by acting as a buffer
between root and the programs.
In old Unices like SunOS 4 file like /etc/utmp (or /var/run/utmp) would
be world-writable. This file keeps records related to logins and logouts.
"strace -o tmp_file who" to see this in liunx.
"wall" commands get issued to logged-in users on their terminals as
determined from this file. A shortcoming of a world-writable file was
that "wall" output could get written to other files by making entries
that pretend they are a current terminal.
utempter performs the utmp edits automatically as directed by login or
PAM or whatever without allowing you to fill the file with junk or hide
by erasing records of your current session. I don't know in more detail
how it works but (apart from maybe a PAM interface) I'd imagine it's pretty
simple in the source.
------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
