Random comments about bugs 505071 and 505271.

Group utmp was introduced so terminal emulators could be setgid instead of needing setuid root, to prevent bugs in them from escalating to root access. Terminal emulators are generally not written with security in mind, being the "more features the better" type of programs. This bug negates the benefit of the group utmp separation. Any data controllable by group utmp should be treated as insecure or possibly hostile.
Seems that login attempts to pick the "right" line of the utmp file. Funny idea, seeing how pututline will whack the entry "anywhere" (depending on ut_id which are rather arbitrary and irrelevant). If login wanted to sanitize left-over utmp entries, then it should set what ttyname thinks is the correct ut_line (and what it thinks is a sensible ut_id), not perpetuate "wrong" settings. Privileged programs should not attempt to clean up utmp; root can do that at his leisure, e.g. with "echo -n '' > /var/run/utmp".

Cheers,

Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
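Added example, not part of the original message and not code from login or any distribution package: C code that treats a utmp entry's ut_line as untrusted input and accepts it only when it names the terminal that ttyname reported. The function names, the allowed-character rule and the sample entries are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <utmp.h>

/* Length of ut_line; the field is fixed-size and need not be NUL-terminated. */
static size_t line_len(const struct utmp *ut)
{
    const char *end = memchr(ut->ut_line, '\0', sizeof ut->ut_line);
    return end ? (size_t)(end - ut->ut_line) : sizeof ut->ut_line;
}

/* 1 if ut_line looks like a device name relative to /dev ("tty1", "pts/3"). */
int ut_line_is_sane(const struct utmp *ut)
{
    size_t n = line_len(ut);
    if (n == 0 || ut->ut_line[0] == '/' || ut->ut_line[n - 1] == '/')
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)ut->ut_line[i];
        if (!isalnum(c) && c != '/')   /* also rejects '.', so no ".." */
            return 0;
    }
    return 1;
}

/* 1 only if the entry names the terminal path that ttyname() returned. */
int ut_line_matches_tty(const struct utmp *ut, const char *tty_path)
{
    size_t n = line_len(ut);
    if (!ut_line_is_sane(ut) || tty_path == NULL)
        return 0;
    if (strncmp(tty_path, "/dev/", 5) != 0)
        return 0;
    return strlen(tty_path + 5) == n && memcmp(tty_path + 5, ut->ut_line, n) == 0;
}

/* Constructed entry for the demonstration; not read from a real utmp file. */
struct utmp make_entry(const char *line)
{
    struct utmp ut;
    memset(&ut, 0, sizeof ut);
    strncpy(ut.ut_line, line, sizeof ut.ut_line);
    return ut;
}

int main(void)
{
    const char *samples[] = { "pts/3", "tty1", "../etc/passwd", "/dev/tty1" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        struct utmp ut = make_entry(samples[i]);
        printf("%-16s sane=%d matches /dev/pts/3=%d\n", samples[i],
               ut_line_is_sane(&ut), ut_line_matches_tty(&ut, "/dev/pts/3"));
    }
    return 0;
}
```

In a real caller the second argument would come from ttyname() on the session's own descriptor, so the terminal name is derived from the descriptor and the utmp field is only compared against it.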

