[RFC] last(1) with security.bsd.see_other_uids support
Bryan Drewery
bryan at shatow.net
Tue Jun 5 21:42:37 UTC 2012
On 6/5/2012 4:31 PM, Jilles Tjoelker wrote:
> To avoid this, the utmpx APIs could communicate with a privileged daemon
> if the files are not readable. The daemon can check the identity of the
> caller via getpeereid(3). (Unfortunately, even if getpeereid() is
> bypassed and LOCAL_PEERCRED called directly, only 16 groups can be
> queried. Therefore the daemon cannot check the process credential for
> the groups but will have to check the group database for the user.)
>
> Also, the attack surface of such a daemon may be smaller than that of a
> setuid/setgid program.
>
> Alternatively, the daemon could be a setgid program that is spawned by
> the utmpx APIs when needed.
I like this idea a lot.
I will experiment with that.
--
Regards,
Bryan Drewery
bdrewery at freenode, bryan at EFNet
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20120605/3a16c87d/signature.pgp
More information about the freebsd-hackers
mailing list