On Tue, Jun 05, 2012 at 11:31:01PM +0200, Jilles Tjoelker wrote: > Also, the attack surface of such a daemon may be smaller than that of a > setuid/setgid program.
Really? I don't see that. With current patch and setgid to utmp the process can only read some files that don't even contain very sensitive data (like passwords). Any privileged daemon is much bigger threat. Also, do we really want a daemon running all the time just to be able to parse utx files? > Alternatively, the daemon could be a setgid program that is spawned by > the utmpx APIs when needed. Still seems a bit too far for my taste. Spawning a daemon somewhere from within library doesn't sound like a good idea to me... At least until we have something like launchd that can start such services on demand. -- Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://tupytaj.pl
pgp5gmb6H1FxE.pgp
Description: PGP signature