On 6/5/2012 9:06 AM, Ed Schouten wrote:
> Hi Bryan,
>
> 2012/6/4 Bryan Drewery <br...@shatow.net>:
>> * Added utmp group
>
> Why call it utmp? FreeBSD 9+ does not do utmp. It does utmpx. Also,
> too many pieces of software already abuse the group `utmp'. Instead of
> doing utmp handling with it, it is used to cover all sorts of "this
> uses TTYs" scenarios. It wouldn't amaze me if even irssi has setuid
> utmp on some systems, simply because it runs on a TTY. Also, there's
> no need for consistency. This group name would only be used by the C
> library to apply ownership, the log rotator and some of our tools.
>

Yeah I considered naming it utx or utmpx. It doesn't matter to me really.

> Still, I wonder whether it's worth the effort. In its current form,
> you can simply chmod 0600 the utx.* files to hide the information
> inside to non-administrative users. I guess you can essentially decide
> to make any tool setuid, simply because it can print things referring
> to a user. For example, why not have a tool that allows regular users
> to view their own auth.log entries?

Yes. It's worth the effort because I am willing and able to work on it
and as a shared hosting provider, I am constantly asked for access to
this information. It makes sense to provide users access to their own
data. I also plan to expand similar effort elsewhere.
> >> @@ -212,7 +255,30 @@ struct idtab { >> /* Load the last entries from the file. */ >> if (setutxdb(UTXDB_LOG, file) != 0) >> err(1, "%s", file); >> + >> + /* drop setgid now that the db is open */ >> + setgid(getgid()); >> + >> + /* Lookup current user information */ >> + pw = getpwuid(getuid()); >> + >> + len = sizeof(see_other_uids); >> + if (sysctlbyname("security.bsd.see_other_uids", &see_other_uids, >> &len, >> NULL, 0)) >> + see_other_uids = 0; >> + restricted = is_user_restricted(pw, see_other_uids); >> + >> while ((ut = getutxent()) != NULL) { >> + /* Skip this entry if the invoking user is not permitted >> + * to see it */ >> + if (restricted && >> + !(ut->ut_type == BOOT_TIME || >> + ut->ut_type == SHUTDOWN_TIME || >> + ut->ut_type == OLD_TIME || >> + ut->ut_type == NEW_TIME || >> + ut->ut_type == INIT_PROCESS) && >> + strncmp(ut->ut_user, pw->pw_name, >> sizeof(ut->ut_user))) >> + continue; >> + >> if (amount % 128 == 0) { >> buf = realloc(buf, (amount + 128) * sizeof *ut); >> if (buf == NULL) >> > > Though not a common case, this code will not work properly when > multiple users share the same uid. Consider comparing against the > username of the logged in user (see getlogin(2)), or resolving the uid > for each entry and comparing the uids. Good find. > > Best regards, Thanks for the input! -- Regards, Bryan Drewery bdrewery@freenode, bryan@EFNet
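Review bot: in the lines added right after setutxdb(), the result of setgid(getgid()) is ignored, so a failed drop leaves the rest of the program running with the setgid group still effective; check it and bail out, for example if (setgid(getgid()) != 0) err(1, "setgid"). The same block dereferences pw in the strncmp() filter (pw->pw_name) without checking that getpwuid(getuid()) returned non-NULL, so a uid with no passwd entry would crash inside the loop; either err() out on NULL or treat that caller as restricted and skip every per-user entry. Falling back to see_other_uids = 0 when sysctlbyname() fails is a sensible fail-closed default and is worth a short comment saying so.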