SUMMARY: Closing up /etc/utmp

From: Brendan Kehoe (brendan@cs.widener.edu)
Date: Tue Dec 04 1990 - 17:38:28 CST


 Thanks to Seth Robertson (seth@ctr.columbia.edu), Per Foreby
(perf@efd.lth.se), and Walter Rowe (cme.nist.gov) for their responses
on this matter. My original question asked if anybody had a good way
to overcome the problem of having /etc/utmp world-writable (which has
more implications than just a user editing him/herself out, I understand).
 On to the info ..

Seth suggested:
>Just write a suid program which users would have to run before they
>could use talk or stuff like that. It would make the entry in utmp
>(carefully done, of course) and all would be well.

Per suggested:

>The problem isn't hiding users. The real problem has to do with rwall.
>(If you don't know about it, I could send you a copy of the
>description.)
>
>I don't know if this is a decent fix, but it is a fix.
>
>We have /etc/utmp 644 and owned by root. This is how it works for the
>programs trying to write the file:
>/bin/login: (on login) ok because root owns the file.
>/usr/etc/init: (on logout) same as above.
>xterm: make xterm suid root and all is fine. (The code is already in xterm).
>sunview: Hmmm, this is a tricky one. We solved it by patching the file
> /usr/lib/libsuntool.so.0.50. Changed /etc/utmp to /dev/null.
>/bin/script: Warns that it couldn't write /etc/utmp (why should it?).
>
>The most important thing must be to avoid the security problem. Then,
>if some programs can't sign in, well I'm sorry but that's not half as
>important.

  Per also mentioned a problem with rwall, which spurred me on to take
it out of inetd.conf (since I'm the only one that would really care
about using it anyway, and I can live with going over to other
machines & doing wall; sites with >50 or so systems will probably
scream at that thought, though).

Walter suggested (along the lines of Seth's idea):
>Perhaps making those certain applications set-gid and changing the
>group on /etc/utmp would work. I haven't tried it, it was just a
>thought off the top of my head.

  I went with Per's suggestion, simply because I'm really queasy about
making things set-uid or set-gid. So far it seems to be working fine.
(Thank you God [rms] for emacs.)
There's still the drawback that people in sunview can't do talk, etc,
because their windows don't show up in utmp (theoretically they can
from the console window though, if they're not using contool). Que
sera sera. :-)

  Hope this comes in handy.

-- 
    Brendan Kehoe - Widener Sun Network Manager - brendan@cs.widener.edu
 Widener University in Chester PA              A Bloody Sun-vs-Dec War Zone
 Hey ... do you think George Bush carries money or any kind of ID with him?
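An added audit script, not part of Brendan's summary or of any of the
quoted replies, that checks the two conditions the thread is about on a
given utmp file and inetd.conf: whether the utmp file is still
world-writable, and whether an rwalld service line is still enabled.
It parses the mode column of ls -l rather than relying on a particular
stat(1), and the sample inetd.conf lines it builds are constructed for
illustration; the exact fields on a real SunOS 4 inetd.conf may differ,
and only the presence of an uncommented "rwalld" entry is tested.

```sh
#!/bin/sh
# Added example: audit a utmp file and an inetd.conf for the two problems
# discussed in the thread. Both checks take a path argument so they can be
# run against the constructed samples below or against /etc/utmp and
# /etc/inetd.conf on a real host.

# Returns 0 (true) when the file's "other" permission bits include write.
# In the ls -l mode column, character 9 is the other-write bit.
utmp_world_writable() {
    mode=$(ls -ld "$1" | cut -c9)
    [ "$mode" = "w" ]
}

# Returns 0 (true) when inetd.conf has an uncommented line mentioning
# rwalld, i.e. the rwall service Per warned about is still reachable.
rwalld_enabled() {
    grep -v '^[[:space:]]*#' "$1" | grep -q 'rwalld'
}

# Human-readable report for one utmp path and one inetd.conf path.
audit_utmp() {
    utmp=$1
    conf=$2
    if utmp_world_writable "$utmp"; then
        echo "WARN: $utmp is world-writable (any user can edit login records)"
    else
        echo "ok:   $utmp is not world-writable"
    fi
    if rwalld_enabled "$conf"; then
        echo "WARN: rwalld is enabled in $conf"
    else
        echo "ok:   rwalld is disabled in $conf"
    fi
}

# Constructed sample files, so the script runs offline without touching /etc.
SAMPLE_DIR=$(mktemp -d)
: > "$SAMPLE_DIR/utmp.bad";  chmod 666 "$SAMPLE_DIR/utmp.bad"   # the original 1990 default
: > "$SAMPLE_DIR/utmp.good"; chmod 644 "$SAMPLE_DIR/utmp.good"  # Per's fix: 644, owned by root
# The service lines below are illustrative (constructed), not copied from a
# real inetd.conf; only the uncommented "rwalld" token matters to the check.
printf '%s\n' \
  '# constructed sample inetd.conf, rwall still on' \
  'walld/1 dgram rpc/udp wait root /usr/etc/rpc.rwalld rpc.rwalld' \
  > "$SAMPLE_DIR/inetd.conf.bad"
printf '%s\n' \
  '# constructed sample inetd.conf, rwall commented out' \
  '#walld/1 dgram rpc/udp wait root /usr/etc/rpc.rwalld rpc.rwalld' \
  > "$SAMPLE_DIR/inetd.conf.good"

audit_utmp "$SAMPLE_DIR/utmp.bad"  "$SAMPLE_DIR/inetd.conf.bad"
audit_utmp "$SAMPLE_DIR/utmp.good" "$SAMPLE_DIR/inetd.conf.good"
```

Run it as-is to see both the failing and the passing case, or call
audit_utmp /etc/utmp /etc/inetd.conf on a host; the ownership check
(root should own the file once it is 644) is left to a plain ls -l.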