current-users: Re: secure, limited, privilege escalation (was: What's in my swap)

Subject: Re: secure, limited, privilege escalation (was: What's in my swap)
To: NetBSD-current Users's Discussion List <current-users@netbsd.org>
From: Geert Hendrickx <ghen@NetBSD.org>
List: current-users
Date: 08/03/2006 22:30:40

--IS0zKkzwUGydFO0o
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Aug 03, 2006 at 04:12:41PM -0400, Greg A. Woods wrote:
> > - we should create separate groups to implement shutdown(8) and backup
> >   privileges. =20
>=20
> That's not so easy as it might seem.

Why not?  Currently, /sbin/shutdown is 4550 for root:operator, so only
users in the operator group can execute it (with elevated privileges).
It's as easy as chgrp'ing it to another group (say, "shutdown"), and adding
users to that group. =20

	Geert

--IS0zKkzwUGydFO0o
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (NetBSD)

iQEVAwUBRNJc8ILS9urEu56fAQJa9Qf9EW3H+BUVmQF3SK+/gedTcbHoFWpE3P00
pAsJSKzXyLIBSLi19MqfEwP4mZEvOX447oJH7drWcACupaRz02YDqW2nZbkTF0af
i5Zj8vlEMhb22Xdfcbtc/sZgKuBJmzbynJ+QIxE1omHnbprgjOisUI7b/FMPtFMk
aDJ6EugOJ0XZcA3jqV9Y6KQW1ryDhxVvAtt0l/DXls9hvFspSXMNYR8G0LYWNYEs
Xxt/UKnN4FwExqQAa6VxWoiB7NTApkZRb+I258WGPxxYh/GHy9+Y/Hgib/fa5tXG
0ZpesFLZlqDmLbXfFhl8JmqepgnX7FbhXRwUaajnsbghrn6dRn2qKA==
=uNFU
-----END PGP SIGNATURE-----

--IS0zKkzwUGydFO0o--