[pups] STYX and 2.11BSD licensing

Edward Brocklesby ejb at leguin.org.uk
Sat Apr 7 06:47:57 AEST 2001


On Friday 06 April 2001  5:45 pm, Lars J. Buitinck wrote:
> Couple of suggestions:
>
> 1.  Make a user account that automatically replies to email by sending a
> user a copy of the SCO license and an automatically generated code,
> which the user should then send back to be added to the src group.  I
> could write a program for you.

Hmm, yes.. would it just ask them to accept the license, or direct them to
SCO's site, and get them to send back SCO's license code?  I'm really not
sure of the legal issues surrounding this (or even how much it matters,
now that it only takes 5 minutes to obtain a license..)

> 2.  Make a program that checks whether a user is in the src group, if
> not displays the SCO license, asks if the user accepts the license, if
> so adds the user to the src group.  Problem is that this program should
> be SUID...

Locking the group file and securely updating it shouldn't be *too* hard, but
yes, I'd prefer not to have many setuid programs around (I've already done
a small audit of the code and fixed a couple of security bugs, and removed
setuid bits from as many programs as possible.. I really wouldn't want someone
to have root on it, simply because it would allow them to take any IP address
on the host's network).

> I'll start working on the first suggested program right away.  Don't have
> much else to do anyway ;-)

cheers :>

	-larne-

PS- styx is down right now, it's getting its own (100% dedicated :) box, 
hosted at tele.dk.. this should be set up over the weekend, then it'll be
up and running again.

Also, if anyone wants my INET_RESTRICT kernel patch (which only allows users 
in INET_GROUP to call connect()) for 2.11BSD, I can put it online somewhere
(although it's really not that difficult to implement). Also if 2.11BSD is 
still being maintained, the setproctitle() vulnerability recently discovered 
in 4BSD-derived ftpd is still present (trivial fix - change 
setproctitle(title) to setproctitle("%s", title)).  I'm still going through 
various 4BSD code security problems to determine which are present in 2BSD.

And lastly, if anyone wants source to the newuser program I used, I can put 
that online too.
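
The one-line setproctitle() fix from the postscript, as an added example that is not code from the original message or from 2.11BSD's ftpd. `set_title()` is a hypothetical stand-in with the same printf-style signature as setproctitle(), and the sample title is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for setproctitle(): same printf-style signature,
 * but it formats into a visible buffer instead of the process title. */
static char title_buf[128];

static void set_title(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(title_buf, sizeof title_buf, fmt, ap);
    va_end(ap);
}

/* Before the fix: client-influenced text is used as the format string. */
static const char *title_unfixed(const char *title)
{
    set_title(title);
    return title_buf;
}

/* After the fix: the text is only ever data for a constant "%s" format. */
static const char *title_fixed(const char *title)
{
    set_title("%s", title);
    return title_buf;
}

/* Returns 1 if the title came through byte-for-byte, 0 if it was altered. */
static int unchanged(const char *(*fn)(const char *), const char *title)
{
    return strcmp(fn(title), title) == 0;
}

int main(void)
{
    /* Constructed sample: "%%" is a directive that consumes no argument,
     * so the unfixed call stays well-defined while still showing the parse. */
    const char *sample = "ftpd: guest%%example: IDLE";

    printf("unfixed: %s\n", title_unfixed(sample));
    printf("fixed:   %s\n", title_fixed(sample));
    printf("unfixed unchanged=%d fixed unchanged=%d\n",
           unchanged(title_unfixed, sample), unchanged(title_fixed, sample));
    return 0;
}
```

Compilers flag the unfixed pattern with `-Wformat-security` when the callee is declared with a printf format attribute, which makes it a cheap audit check across a 4BSD-derived tree.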
