>On Mon, 1 Dec 2003, Kyle Sallee wrote:
>
>> > With devpts and libutempter it is possible to install fully functional
>> > screen without suid/sgid.
>>
>> Does that mean any program that links with libutempter gains
>> complete suid/sgid root functionality, or only when executing
>> the functions in the libutempter library, please?
>
>This means you do not need setuid root because devpts sets up the slave
>pty owner and group automatically and you do not need direct access to
>utmp/wtmp, e.g. via setgid utmp, because libtempter functions call an
>external setgid utmp helper called utempter to modify those files (the
>calling process is required to hold a corresponding master pty).
Nearly exactly like in generic SVR4 where ptys are setup using
/usr/lib/pt_chmod; and in Solaris there's the additional "utmp_update"
programs which allows you to set utmp entries; this is all hidden behind the
libc routines.
Casper
Received on Dec 03 2003
Intro
