Re: [MiNT] Pgetauid/Psetauid
Hi,
> > > > Hum, perhaps for the same reason it calls Pseteuid()?
> > >
> > > It calls Pseteuid to change persona.
> >
> > Indeed. Perhaps we should change it though - i.e. remove the explicit auid
> > calls (after they have been documented a year ago, grr) and add a line to
> > Pseteuid() which would simultaneously set auid, silently failing on error.
> > For reason see below.
>
> And I would opt for fixing the obvious bug of the interface and then
> forget about auid.
Hum... let me change my opinion once again :-) The Pget/setauid() calls
have been introduced for some purpose. There's supposedly a program called
'audit' which apparently relies on them (see /etc/passwd file in the KGMD
distribution). My proposal is: if the 'audit' thing is something useful,
we keep these calls and develop further (if necessary). If the 'audit' is
nothing useful, we remove them.
> > My understanding is that auid is for the following situation:
> >
> > - someone logs in as a user (euid -> 0)
>
> ?
> The user #0 is commonly called the superuser...
Typo. Read "euid > 0".
> > In this case auid, if inherited by new superuser shell, still holds the
> > original user id (unless the person found a way to overwrite auid as
> > well). And call me paranoid. :-) It would be (IMHO) more useful
> > information than the id of a person who first managed to grab the keyboard
> > after the system has started successfully.
>
> If somebody has the privilege to become the super-user, why should child
> processes know who she originally was?
To track down who hacked the root account when root was away :-)
> The su command logs every attempt
> to change persona with before/after information. That should really be
> enough. Otherwise we would have to discuss if Pgetauid should still be
> allowed for ordinary users. The syslogd usually logs the same information
> in a file that is not world-readable.
Well, right.
Gtx,
--
Konrad M.Kokoszkiewicz
|mail: draco@atari.org | Atari Falcon030 user |
|http://www.obta.uw.edu.pl/~draco/ | Moderator gregis LATINE |
|http://draco.atari.org | (loquentium) |
** Ea natura multitudinis est,
** aut servit humiliter, aut superbe dominatur (Liv. XXIV,25)
*************************************************************
** For the mob it is normal that it either serves abjectly,
** or insolently lords it over others.