Subject: Re: misc/18670: lastlog has bad permissions by default
To: NetBSD Bugs and PR posting List <netbsd-bugs@NetBSD.ORG>
From: gabriel rosenkoetter <gr@eclipsed.net>
List: netbsd-bugs
Date: 10/16/2002 17:20:55
--RDS4xtyBfx+7DiaI
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Oct 16, 2002 at 04:41:26PM -0400, Greg A. Woods wrote:
> Did I say /var/log/utmp?  Nope, I really did say /var/run/utmp!  ;-)

So you did. Apologies. :^>

> > Hrm. What about third party stuff that will now have to be that it
> > should install itself sgid utmp on NetBSD? (Think SSH.com, ossh, so
> > forth.)
> Those two at least must run as root regardless.  xterm-like things
> (rxvt, eg.) are the ones which might best get this new ability once the
> pty-granting problem has been fixed.

Actually, no they don't. (Don't listen on port 22, but on, say,
2022, only allow authentication via PKI, don't permit root login,
have the host key readable only by the user as whom you're run sshd
(and root, of course) rather than as root. The problem is that
you can then only login as that user. But at that point the only
thing holding back a non-root, per-user sshd if you *really* want
it is ptys, isn't it?)

In any case, SSH daemons maybe weren't the best example. But
tracking down all the stuff that's used to the existing ownership
(if anything exists) would be a good idea before changing. (Or, I
guess, change it and see what breaks...)

--=20
gabriel rosenkoetter
gr@eclipsed.net

--RDS4xtyBfx+7DiaI
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (NetBSD)

iD8DBQE9rdg39ehacAz5CRoRAgfMAJ0bLBX38ZQHmwZzicNISsRAd1EBsgCfRSFM
MDi4MVuO/Q3GiV/2ax7jwmg=
=Rwd7
-----END PGP SIGNATURE-----

--RDS4xtyBfx+7DiaI--