Date: Tue, 22 May 2012 13:50:27 -0400 From: Rich Felker <dalias@...ifal.cx> To: musl@...ts.openwall.com Subject: Re: make -i with linux-pam On Tue, May 22, 2012 at 06:51:50PM +0200, Christian Neukirchen wrote: > > haha, no. I was more refering to the fact that i'm pretty sure no one > > _wants_ utmp. It's just that you need it around for compiling code > > from last century. > > A bit OT: I realize utmp has major flaws, but the feature itself (seeing > which users are logged in) I consider useful, for machines with more > than one user. How else can that be done? Assuming the logins are not on local vts, ls -l /dev/pts works well. This is actually a fairly major information leak, and I'm not sure how to close it. Removing read permission from /dev/pts does not really help because one can just call stat on each sequential number and see if it exists and who owns it. Removing search permission from /dev/pts would prevent ptys from being used whatsoever. Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.