Date: Mon, 25 Jul 2016 15:13:51 +0300
From: Solar Designer <>
Cc: "Eric W. Biederman" <>,
Subject: Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package

Replying out of context (not related to the specific getlogin() issue):

On Mon, Jul 25, 2016 at 10:39:30AM +0200, Sebastian Krahmer wrote:
> Err, sorry. Shared UID, different name

As a special case, this is common practice for UID 0 (root) accounts of
multiple sysadmins, providing poor man's accountability (due to the
different account names getting in all the usual logs, without having to
check which specific SSH key, etc. was used for a given login session).
We even have a tool to support it for single-user mode logins as well:

The far more common alternative to it is to use su or sudo from the
multiple sysadmins' non-root accounts.  A problem with it is that if use
of those non-root accounts is not restricted solely to su/sudo from
them, but they are also used to run other programs as non-root, then any
of those other programs may take over the root account (possibly in
multiple steps, such as by substituting shell aliases and waiting for
the sysadmin to run su/sudo next time).  To avoid this, we'd arrive at
the need to have two non-root accounts per sysadmin (and to have su/sudo
available to only one set of those accounts, so as not to expose those
programs' vulnerabilities to the other set of accounts, nor to regular
users of the system, unnecessarily), - or to have per-sysadmin root
accounts.  The latter is simpler.
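
Added example, not part of the original message: a small audit of passwd-format data that lists the account names sharing a UID, such as the per-sysadmin UID 0 accounts described above. The sample entries and account names are constructed, and the first-match UID-to-name lookup is an assumption modelling a sequential scan of the file.

```python
"""Audit passwd-format data for account names that share a UID."""

# Constructed sample in passwd(5) format; all account names are made up.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
r_alice:x:0:0:Alice (root):/root:/bin/bash
r_bob:x:0:0:Bob (root):/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
broken-line-without-fields
"""


def parse_passwd(text):
    """Return (name, uid) pairs in file order, skipping malformed lines."""
    entries = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        uid = fields[2] if len(fields) == 7 else ""
        if not (uid.isascii() and uid.isdigit()):
            continue  # wrong field count or non-numeric UID
        entries.append((fields[0], int(uid)))
    return entries


def shared_uids(entries):
    """Map each UID used by more than one name to those names, in file order."""
    by_uid = {}
    for name, uid in entries:
        by_uid.setdefault(uid, []).append(name)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}


def first_name_for_uid(entries, uid):
    """Reverse lookup returning only the first matching name (assumed
    sequential-scan behaviour), so the other names sharing the UID are lost."""
    for name, entry_uid in entries:
        if entry_uid == uid:
            return name
    return None


if __name__ == "__main__":
    entries = parse_passwd(SAMPLE_PASSWD)
    for uid, names in sorted(shared_uids(entries).items()):
        print(f"UID {uid} shared by: {', '.join(names)}")
        print(f"  UID-to-name lookup yields only: {first_name_for_uid(entries, uid)}")
```

Pointing `parse_passwd()` at the contents of a real passwd file gives the list of names that map to UID 0, which is worth reviewing against the set of sysadmins expected to hold such accounts.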

