Home page logo

bugtraq logo Bugtraq mailing list archives

Re: /etc/utmp
From: chasin () crimelab crimelab com (Scott Chasin)
Date: Mon, 28 Mar 94 22:35:21 CST

Norman Wilson (norman () utirc utoronto ca) writes:

Bill Cheswick suggests that programs be made set-groupid `utmp' to write
on /etc/utmp; Mitch Wright observes that if writing on utmp allows you to
become super-user, group utmp just becomes another name for userid 0.

[stuff deleted]
On a different note, has this discussion perhaps gotten out of hand? I haven't
been a bugtraq subscriber for very long, but I'd hoped to get more useful
information and less mere chatter (as this message) than has been going
on for the past day or so.  Is this what bugtraq is meant to be like,
or is it time for the discussion to shift to some appropriate newsgroup?

Norman Wilson
University of Toronto

I agree.  Although the discussion has been interesting, Lets try to stick
with the purpose of this list.  The discussion detailing the utmp attack
and proposed fixes has been beaten to death.  

With the bugtraq membership growing above 950 recipients, some of which are
local exploders and vendor inside lists, we need to maintain the purpose
of this list (sdy). 

Let's try to keep the redundant material offline and not make this another
c.s.u spin-off.


Please refrain from responding to this message.

Scott Chasin <chasin () crimelab com>

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]