[139] in testers
6.3B: activate/attach complaints
daemon@ATHENA.MIT.EDU (daemon@ATHENA.MIT.EDU)
Fri Jul 21 19:52:12 1989
Date: Fri, 21 Jul 89 19:51:56 -0400
From: Ken Raeburn <raeburn@ATHENA.MIT.EDU>
To: testers@ATHENA.MIT.EDU, tytso@ATHENA.MIT.EDU

When I ran "activate" while logging in by dialup to lycus, I got
warning messages saying that I couldn't use the "-override" or
"-setuid" options. I assume that this machine could have been
configured to default to "nosuid", and therefore I would have had
problems running, e.g., "rlogin".

I don't think that attach is the right place to fix this; if
"activate" is going to perform functions that require root privileges,
it should get them. We could make it a real C program, or make it a
mini-program that runs the real script -- via absolute pathname -- as
root. (A setuid shell script, of course, is a Bad Thing.)

(I think this would also let us make /etc/clusterinfo* no longer be
world-writable, which could in some circumstances be another potential
security problem.)

However, I DO think that perhaps attach should be changed such that it
doesn't attempt to invoke "trusted" privileges unless it needs to,
i.e., unless the command line options specify something that is
forbidden to non-trusted users.

-- Ken
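
The "mini-program that runs the real script via absolute pathname as root" suggested in the message above, sketched as an added example; it is not code from the original message or from the Athena sources. The REAL_SCRIPT path is a placeholder, the function names are hypothetical, and the wrapper is assumed to be installed setuid root.

```c
#define _DEFAULT_SOURCE /* expose S_IWGRP etc. under strict -std modes */
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Placeholder path (assumption): where the real activate script is installed. */
#define REAL_SCRIPT "/PLACEHOLDER/lib/activate.real"

/* Fixed environment: nothing (PATH, IFS, ENV, ...) is inherited from the caller. */
static char *const clean_env[] = { "PATH=/bin:/usr/bin", "IFS= \t\n", NULL };

/* 1 if only root can modify the file: regular, root-owned, no group/other write. */
int script_is_trustworthy(const struct stat *st)
{
    return S_ISREG(st->st_mode) && st->st_uid == 0 &&
           (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Runs the script as root via /bin/sh; returns -1 if it refuses or exec fails.
 * No caller-supplied arguments are passed through. The directories leading to
 * the script must also be writable only by root, or the stat check can be raced. */
int run_real_script(const char *path)
{
    struct stat st;

    if (path[0] != '/')                      /* absolute pathname only */
        return -1;
    if (stat(path, &st) != 0 || !script_is_trustworthy(&st))
        return -1;
    /* Make the real ids match the effective ones before starting the shell. */
    if (setgid(getegid()) != 0 || setuid(geteuid()) != 0)
        return -1;
    char *const argv[] = { "/bin/sh", (char *)path, NULL };
    execve("/bin/sh", argv, clean_env);
    return -1;                               /* execve returns only on failure */
}

int main(void)
{
    if (run_real_script(REAL_SCRIPT) != 0) {
        fprintf(stderr, "activate: refusing to run %s\n", REAL_SCRIPT);
        return 1;
    }
    return 0;
}
```

The script itself stays an ordinary non-setuid file; only this binary carries the setuid bit.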