On Thu, Oct 20, 2005 at 09:48:27PM +0100, Julian Gilbey wrote:
> Just discovered that in etch, /bin/login is not suid, which makes
> anyterm useless. The workaround I used was (I'm sure not totally
> securely, though):
>
> In the anyterm.conf apache configuration file, I gave
> /usr/sbin/anygetty the "--loginprog /usr/sbin/anylogin" option, and
> made anygetty setgid to anyterm (a group created by addgroup --system
> anyterm).
> Then /usr/sbin/anylogin is owned by root:anyterm with privs 4750,
> compiled from:
>
> #include <unistd.h>
>
> #define REAL_PATH "/bin/login"
> int main(int ac, char **av)
> {
>   execv(REAL_PATH, av);
>   return 1; /* reached only if execv() fails */
> }
>

Julian,

Thanks for the pointer. I am still working on packaging up anyterm and
there are a number of security issues with it that must be resolved.
This will certainly fall into that category.

-Roberto

--
Roberto C. Sanchez
http://familiasanchez.net/~roberto
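
A more defensive form of the wrapper quoted above, as an added example (not code from this thread or from anyterm): because anylogin runs setuid root on behalf of the anyterm group, it hands login a fixed environment and a validated argument list instead of the caller's own. The policy of at most one username argument, the username character set and the PATH value are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>

#define REAL_PATH "/bin/login"

/* Fixed environment: nothing is inherited from the less privileged caller.
 * The PATH value is an assumption; add further fixed entries if login needs them. */
static char *const clean_env[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };

/* Assumed policy: a login name is 1..32 chars of [a-z0-9_-] and never starts
 * with '-', so login cannot parse it as an option. */
int valid_username(const char *s)
{
    size_t n;
    if (s == NULL || *s == '\0' || *s == '-')
        return 0;
    for (n = 0; s[n] != '\0'; n++) {
        char c = s[n];
        int ok = (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') ||
                 c == '_' || c == '-';
        if (n >= 32 || !ok)
            return 0;
    }
    return 1;
}

/* Build the argv handed to login: a fixed argv[0] plus at most one validated
 * username. Returns the new argc, or -1 if the caller's arguments are refused. */
int build_login_argv(int ac, char **av, char *out[3])
{
    int n = 0;
    if (ac < 1 || ac > 2)
        return -1;
    out[n++] = "login";
    if (ac == 2) {
        if (!valid_username(av[1]))
            return -1;
        out[n++] = av[1];
    }
    out[n] = NULL;
    return n;
}

int main(int ac, char **av)
{
    char *args[3];
    if (build_login_argv(ac, av, args) < 0) {
        fprintf(stderr, "anylogin: refusing arguments\n");
        return 2;
    }
    execve(REAL_PATH, args, clean_env);   /* replaces this process on success */
    perror("anylogin: execve " REAL_PATH);
    return 1;
}
```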