[linux-security] Re: rh62 suid files
- From: Olaf Kirch <okir caldera de>
- To: Leos Bitto <leos staff globopolis com>
- Cc: Martin Macok <martin macok underground cz>, linux-security redhat com
- Subject: [linux-security] Re: rh62 suid files
- Date: Fri, 28 Jul 2000 12:54:49 +0200
On Fri, Jul 28, 2000 at 10:47:34AM +0200, Leos Bitto wrote:
> > Why does RH6.2 ship with /sbin/dump & /sbin/restore root setuid? These
> > are for sysadmins, not for regular users I hope.

dump and restore are security disasters waiting to happen. I wonder why
they resurrected the s bits; previous RH versions didn't have them IIRC.

> /usr/libexec/pt_chown is being used for example by my favorite xterm
> clone, gnome-terminal. Every xterm-alike application needs to chown your
> tty. I think that doing it via a small wrapper (pt_chown) is a much better
> way than giving suid bit to that whole application.

As Martin already pointed out, any reasonably up-to-date kernel supports
devpts, so there's no _need_ to chown the pty anymore as the kernel does it
for you. Using devpts does require patching the application though; not
sure what gnome-terminal does.

FWIW, when I looked into pt_chown about a year ago it did have a problem.
I don't recall exactly what it was but I think the problem was that
it didn't check that the tty you gave it was open for writing _and_ reading.
So if you broke group tty, you could chown anybody's tty as long as it
was set to mesg y.

Olaf
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir monad swb de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir caldera de +-------------------- Why Not?! -----------------------
UNIX, n.: Spanish manufacturer of fire extinguishers.
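
The kind of check the message above says was missing (that the descriptor handed to a privileged helper is open for reading and writing), written out as an added example; it is not part of the original message and not the pt_chown source. `vet_tty_fd`, `verdict_name` and the verdict names are hypothetical, and the inputs in `main` are constructed.

```c
/* Added illustration; not the pt_chown source. Names are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

enum fd_verdict { FD_OK, FD_BAD, FD_NOT_RDWR, FD_NOT_CHARDEV, FD_NOT_TTY };

/* Vet a caller-supplied descriptor before a privileged helper would
 * change ownership of the device behind it. */
enum fd_verdict vet_tty_fd(int fd)
{
    struct stat st;
    int flags = fcntl(fd, F_GETFL);

    if (flags == -1)
        return FD_BAD;                      /* closed or invalid fd */
    /* Require read AND write access: "mesg y" makes a tty group-writable,
     * so a write-only open proves nothing about owning the session. */
    if ((flags & O_ACCMODE) != O_RDWR)
        return FD_NOT_RDWR;
    if (fstat(fd, &st) == -1)
        return FD_BAD;
    if (!S_ISCHR(st.st_mode))
        return FD_NOT_CHARDEV;              /* regular file, pipe, socket */
    if (!isatty(fd))
        return FD_NOT_TTY;                  /* e.g. /dev/null */
    return FD_OK;
}

const char *verdict_name(enum fd_verdict v)
{
    static const char *names[] = { "ok", "bad fd", "not open read+write",
                                   "not a character device", "not a tty" };
    return names[v];
}

int main(void)
{
    /* Constructed inputs: a write-only and a read-write open of /dev/null. */
    int wo = open("/dev/null", O_WRONLY);
    int rw = open("/dev/null", O_RDWR);

    printf("write-only /dev/null: %s\n", verdict_name(vet_tty_fd(wo)));
    printf("read-write /dev/null: %s\n", verdict_name(vet_tty_fd(rw)));
    printf("stdin:                %s\n", verdict_name(vet_tty_fd(STDIN_FILENO)));
    return 0;
}
```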