On 6/5/2012 4:31 PM, Jilles Tjoelker wrote:
> To avoid this, the utmpx APIs could communicate with a privileged daemon
> if the files are not readable. The daemon can check the identity of the
> caller via getpeereid(3). (Unfortunately, even if getpeereid() is
> bypassed and LOCAL_PEERCRED called directly, only 16 groups can be
> queried. Therefore the daemon cannot check the process credential for
> the groups but will have to check the group database for the user.)
> 
> Also, the attack surface of such a daemon may be smaller than that of a
> setuid/setgid program.
> 
> Alternatively, the daemon could be a setgid program that is spawned by
> the utmpx APIs when needed.

I like this idea a lot.

I will experiment with that.

-- 
Regards,
Bryan Drewery
bdrewery@freenode, bryan@EFNet
