Joe Moore wrote:
> Jamie Heilman wrote:
> > Joe Moore wrote:
> >> As to your later message:
> >> setgroups() and initgroups() are not necessary. Already UID telnetd
> >> is able to write to /var/run/utmp because of its membership in GID
> >> utmp.
> >
> > Huh?
>
> Telnetd does not run as root. However, it needs to write login entries into
> /var/run/utmp. How does it do this? The UID telnetd is listed as a group
> member of group "utmp". The /var/run/utmp file is owned root:utmp, and is
> group-writable. in.telnetd can write utmp entries.

OK, but this in no way makes setgroups() unnecessary, which is why I
was confused by your earlier statement. telnetd's privileges are
bestowed by the inetd process, using, amongst other things,
setgroups().

> >> If /etc/hosts.allow is unreadable, and /etc/hosts.deny has
> >> ALL:ALL, tcpwrap will prevent all connections. This is desirable
> >> if you want a more secure system.
> >
> > List every daemon explicitly. Don't rely on the side effects of
> > misconfiguration to do something that the framework already
> > allows.
>
> This side-effect is not a primary purpose.

I'm not debating if it's primary or not, I'm merely pointing out you
aren't adding extra security to the system that wasn't already present
in the stock configuration.

> It would be just as easy for the malicious user to not link
> libtcpwrap.so into their executable.

This malicious user scenario is a strawman, there is no need to
discuss it. Accidental daemon starting is, unfortunately, a bit more
relevant given Debian's policy to run whatever has been installed by
default. (Note, I'm not challenging this policy, it is what it is.)

-- 
Jamie Heilman                   http://audible.transient.net/~jamie/
"Paranoia is a disease unto itself, and may I add, the person standing
 next to you may not be who they appear to be, so take precaution."
                                                -Sathington Willoughby
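
Added example, not part of the original message and not inetd's actual source: a sketch of how a root-owned launcher gives a daemon account such as telnetd its group memberships (including utmp) before giving up root. The function names `has_supplementary_group` and `drop_privileges` are hypothetical; the user "telnetd" and group "utmp" are the ones named in the thread.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE  /* exposes initgroups() under strict -std= modes */
#endif
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if gid is in this process's supplementary group list, 0 if not, -1 on error. */
int has_supplementary_group(gid_t gid) {
    int n = getgroups(0, NULL);          /* ask for the list size first */
    if (n <= 0) return n;                /* 0: empty list, -1: error */
    gid_t *list = malloc((size_t)n * sizeof *list);
    if (list == NULL) return -1;
    n = getgroups(n, list);
    int found = 0;
    for (int i = 0; i < n; i++)
        if (list[i] == gid) found = 1;
    free(list);
    return n < 0 ? -1 : found;
}

/* Become `user` in the only safe order: supplementary groups, then gid, then uid.
 * Without the initgroups() step the child keeps the launcher's (root's) group list. */
int drop_privileges(const char *user) {
    struct passwd *pw = getpwnam(user);
    if (pw == NULL) { errno = ENOENT; return -1; }
    uid_t uid = pw->pw_uid;              /* copy: pw points at a static buffer */
    gid_t gid = pw->pw_gid;
    /* Loads the user's groups from /etc/group via setgroups(); requires root. */
    if (initgroups(user, gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* The drop must be irreversible: regaining uid 0 has to fail. */
    if (uid != 0 && setuid(0) == 0) { errno = EPERM; return -1; }
    return 0;
}

int main(int argc, char **argv) {
    const char *user = argc > 1 ? argv[1] : "telnetd";
    if (drop_privileges(user) != 0) { perror("drop_privileges"); return 1; }
    struct group *gr = getgrnam("utmp");
    printf("uid=%d gid=%d in utmp: %d\n", (int)getuid(), (int)getgid(),
           gr ? has_supplementary_group(gr->gr_gid) : -1);
    return 0;
}
```

Run as root on a system where the telnetd account is listed in group utmp, the final line reports `in utmp: 1`; run unprivileged, `initgroups()` fails with EPERM and nothing is changed.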