The /usr/bin/who tool is giving the ip address of all connected users to everyone
An IP address can be used to attack, DDoS . . . any user connected on the same server you are.
Disclosing a login name is one thing, not very important, won't allow you to attack the user, but disclosing the IP address is a much more important deal.
I can't find one reason why any user on one server needs to know all the IP addresses of all the users connected.
This is admin stuff and the who command ( and utmp file ) permissions should be
So that only root and admin users can know all the IPs of all the users on a Gentoo box.
This is not kernel stuff, this is distro stuff !
Yes, it's easy to fix it yourself by changing permissions of who and utmp, but it should be secure by default, on install.
Also, yes, I know "that's kinda the default in all UNIX systems for like half a century".
But could we agree that this default is silly and insecure, even if it is a 50-year-old default?
This problem is already known :
So I consider it is "already public" and open the bug publicly here, also because it's not an important security feature, just an unneeded and dangerous information disclosure "by default on install".
Same problem for /var/log/wtmp and the last command.
chmod 550 /var/log/wtmp /var/run/utmp should be a default to protect user privacy (not disclosing all the IPs of all users to all users).
Another thing, netstat and ps information disclosures are not a problem for me since those are kernel side and blocked by a good grsecurity configuration, but utmp and wtmp are not kernel stuff, so it's not grsec's job to fix it.
If some consider it's a "feature" that any user can easily get (and spy on) the IP addresses of all other users on the same Linux box, perhaps this could be a fix only for the hardened Gentoo flavour.
Please note that changing the group ownership to 'adm' as you suggest would break at least net-misc/screen and sys-libs/utempter (required by xterm, kdelibs and others), which are setgid utmp.
(In reply to comment #3)
> Please note that changing the group ownership to 'adm' as you suggest would
> break at least net-misc/screen and sys-libs/utempter (required by xterm,
> kdelibs and others), which are setgid utmp.
Yup, the adm group was just a first idea/workaround I tried.
I finally did:
ls -al /var/run/utmp
-r-xr-x--- 1 root utmp 20352 Aug 16 17:38 /var/run/utmp
chmod 550 /var/run/utmp
(same thing for /var/log/wtmp)
and screen is still working here:
2 Sockets in /var/run/screen/username
screen seems to handle it well and uses the per-user /var/run/screen/username and NOT /var/run/utmp.
Perhaps I missed something for screen, but it seems 100% OK here, probably thanks to this utmp setgid ;)
I don't know about utempter.
This all seems fixed to me:
-rwxr-xr-x 1 root root 51792 Feb 25 12:51 /usr/bin/who
-rw-rw-r-- 1 root utmp 179712 Mar 17 16:57 /var/log/wtmp
-rw-rw-r-- 1 root utmp 2304 Mar 17 16:57 /var/run/utmp
Anyone still reporting otherwise?
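
A check for the permissions discussed in this thread, as an added example that is not part of any comment above: it reports whether login-record files such as /var/run/utmp and /var/log/wtmp are readable by the "other" class. The function names are hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: report whether login-record files are readable by "other".
# Assumes GNU stat (coreutils); function names are hypothetical.

# other_can_read FILE -> exit 0 if the "other" class has the read bit set.
other_can_read() {
    mode=$(stat -c '%a' -- "$1") || return 2
    other=${mode#"${mode%?}"}     # last octal digit = permissions for "other"
    [ $(( other & 4 )) -ne 0 ]
}

# audit_login_records FILE... -> one line per file; exit 1 if any is world-readable.
audit_login_records() {
    exposed=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            printf '%s: missing\n' "$f"
            continue
        fi
        if other_can_read "$f"; then
            printf '%s: %s WORLD-READABLE\n' "$f" "$(stat -c '%A %U:%G' -- "$f")"
            exposed=1
        else
            printf '%s: %s restricted\n' "$f" "$(stat -c '%A %U:%G' -- "$f")"
        fi
    done
    return "$exposed"
}

# Run only when paths are given, e.g.: sh audit.sh /var/run/utmp /var/log/wtmp
if [ "$#" -gt 0 ]; then
    audit_login_records "$@"
fi
```

Run as an unprivileged user as well: if `who` or `last` still lists remote hosts there, the records are reachable regardless of what the mode bits suggest.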