Subject: Re: Removing dm(1)
To: Soren S. Jorvang <soren@t.dk>
From: Curt Sampson <cjs@portal.ca>
List: tech-security
Date: 11/18/1997 16:29:19

On Tue, 18 Nov 1997, Soren S. Jorvang wrote:

> It does not simplify the security problem, but it does remove a very
> obsolete mechanism. Has anybody here actually used dm.conf within the last
> n years?

It does to some degree. The fact that I can run fish and become
the games user is directly attributable to it being run by dm;
otherwise it would never run suid.

> It also seems to me that most (all?) of the games need no more than being
> setgid games, as all they do (apart from the game stuff) is write score
> files to /var/games. This would also lessen the impact of security holes
> in the games.

Yes, I think that this is an excellent idea.

> While we are at the let's-remove-stuff game, would anybody miss the
> 'ingres' and 'falken' users from the initial master.passwd?

Falken can go, I think; I doubt any of the young crackers these
days even understand the reference.

I still use ingres to own the postgres database stuff. It would be
nice to have standardised userids for the database owner, ftp, www,
and so on, but I don't know that the default password file is the
best place to store this information.

cjs

Curt Sampson    cjs@portal.ca	   Info at http://www.portal.ca/
Internet Portal Services, Inc.	   Through infinite myst, software reverberates
Vancouver, BC  (604) 257-9400	   In code possess'd of invisible folly.