utmp and friends

Miroslav Lichvar mlichvar at redhat.com
Tue Jun 26 16:32:37 UTC 2007


Hi,

I'd like to ask some questions about terminal emulators and utmp.

The /var/run/utmp file stores information about who is currently
using the system. The file is writable only for group utmp, so there
has to be a mechanism that will allow terminal emulators to add
entries to the file.

A library called libutempter (used by xterm and konsole) allows only
processes that have group utempter to modify the file. It used to
work without setgid, but the utempter binary used by the library has
been hidden in a directory with permissions "drwx--x--- root utempter"
since FC6.

The problem is that setgid binaries have some environment variables
like LD_LIBRARY_PATH and TMPDIR removed. I got bugs #229360 and #243069
reported for xterm. Unfortunately I can't fix them unless utempter is
accessible without setgid. Do we really need to protect the file from
bad applications?

Gnome-terminal, on the other hand, uses gnome-pty-helper binary that
has utmp setgid. The binary is not hidden and every application can
make entries in the utmp file.

To have some consistency, either gnome-pty-helper also needs to be
made accessible only to the utempter group and gnome-terminal made
setgid, or utempter is made accessible to everyone and xterm drops setgid.

Which path are we going to follow? Comments?

-- 
Miroslav Lichvar




More information about the fedora-devel-list mailing list
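As an added example (not part of the mail above and not code from xterm, libutempter or gnome-terminal), the following POSIX shell script reports, for a given helper binary, which of the two exposure models the mail describes it follows: a helper reachable only through a group-restricted directory (the FC6 utempter layout, which forces the calling terminal emulator to be setgid), or a world-executable setgid helper (the gnome-pty-helper layout, usable by any program). The helper paths in the final loop are assumptions for illustration; adjust them for your distribution.

```shell
#!/bin/sh
# Added example, not part of the original mail: classify how a utmp helper
# is exposed on this system. Only the helper's immediate parent directory
# is inspected for the "hidden" case.

# mode_string PATH -> 10-char mode of PATH (e.g. -rwxr-sr-x), empty if missing
mode_string() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# group_of PATH -> owning group name (4th field of ls -l output)
group_of() {
    ls -ld "$1" 2>/dev/null | awk '{print $4}'
}

# classify_helper PATH -> one of
#   missing          path does not exist
#   hidden:GROUP     parent directory is not searchable by others, so only
#                    members of GROUP can reach the helper (utempter model:
#                    the terminal emulator itself must be setgid GROUP)
#   setgid:GROUP     world-executable and setgid GROUP, so any program can
#                    write utmp through it (gnome-pty-helper model)
#   plain            executable without setgid: the caller must already
#                    hold the utmp group itself
#   not-executable   present but not executable by others
classify_helper() {
    path=$1
    m=$(mode_string "$path")
    [ -n "$m" ] || { echo missing; return 0; }

    dir=$(dirname "$path")
    dm=$(mode_string "$dir")
    # 10th character is the directory's "other" search bit
    if [ "$(printf '%s' "$dm" | cut -c10)" = "-" ]; then
        echo "hidden:$(group_of "$dir")"
        return 0
    fi

    gx=$(printf '%s' "$m" | cut -c7)    # group exec slot: s/S means setgid
    ox=$(printf '%s' "$m" | cut -c10)   # other exec bit
    case "$gx" in
        s|S) echo "setgid:$(group_of "$path")" ;;
        *)   if [ "$ox" = "x" ]; then echo plain; else echo not-executable; fi ;;
    esac
}

# Variables from the caller's environment that a setgid helper will not see
# (glibc strips them in secure-execution mode; the mail names the first and
# last). Knowing they are set explains "works from the shell, not via xterm".
env_lost_under_setgid() {
    for v in LD_LIBRARY_PATH LD_PRELOAD TMPDIR; do
        eval "val=\${$v:-}"
        if [ -n "$val" ]; then
            echo "$v"
        fi
    done
    return 0
}

# Candidate helper locations (assumed paths, for illustration only)
for h in /usr/libexec/utempter/utempter /usr/lib/utempter/utempter \
         /usr/libexec/gnome-pty-helper /usr/lib/gnome-pty-helper; do
    echo "$h: $(classify_helper "$h")"
done
echo "environment variables a setgid helper would lose:"
env_lost_under_setgid
```

Run it as an ordinary user: a result of `hidden:utempter` means terminal emulators on that box must themselves be setgid to record logins (and will lose LD_LIBRARY_PATH and TMPDIR as the mail describes), while `setgid:utmp` means the helper is open to every program.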