SECURITY HOLE in tftpd
Chris Torek
chris at umcp-cs.UUCP
Sat Sep 22 00:20:07 AEST 1984
Perhaps the solution to ``who is the user with no permissions'' is to
claim that every system should have a login and group name of ``guest''
(not necessarily one that can be used to log in). That is, /etc/passwd
might have
.
.
.
guest:*:99:99:Guest account:/tmp:/bin/notashell
.
.
.
and /etc/group would then have
guest:*:99:
in it. Then any setuid program that must have no special permissions
can use getpwnam and/or getgrnam to set its user and group IDs.
Then again, perhaps that's not the solution. (Do I need this? :-))
--
(This page accidently left blank.)
In-Real-Life: Chris Torek, Univ of MD Comp Sci (301) 454-7690
UUCP: {seismo,allegra,brl-bmd}!umcp-cs!chris
CSNet: chris at umcp-cs ARPA: chris at maryland
More information about the Comp.bugs.4bsd.ucb-fixes
mailing list