Date:      Sat, 8 Feb 1997 13:54:54 +0100
From:      andreas@klemm.gtn.com (Andreas Klemm)
To:        hackers@freebsd.org
Subject:   should permissions of /usr/bin/login be changed to 0100 ???
Message-ID:  <19970208135454.ZJ37734@klemm.gtn.com>

From the OPIE README file:
[...]
        While an almost universal "feature", most people remain unaware that
an intruder can log into a system, then log in again by running the "login"
command from a shell. Because the second login is from the local host, the
utmp entry will not show a remote login host anymore. The OPIE replacement
for /bin/login currently carries on this behavior for compatibility reasons.
If you would like to prevent this from happening, you should change the
permissions of /bin/login to 0100, thus preventing unprivileged users from
executing it. This fix should work on non-OPIE /bin/login programs as well.
[...]

Our /usr/bin/login program has the following permissions:
-r-sr-xr-x  1 root  bin  24576  6 Feb 01:28 /usr/bin/login

Would it be useful to change permissions to 0100 ?

	Andreas ///

-- 
andreas@klemm.gtn.com         /\/\___      Wiechers & Partner Datentechnik GmbH
   Andreas Klemm          ___/\/\/         Support Unix -- andreas.klemm@wup.de
pgp p-key  http://www-swiss.ai.mit.edu/~bal/pks-toplev.html  >>> powered by <<<
ftp://sunsite.unc.edu/pub/Linux/system/Printing/aps-491.tgz  >>>    FreeBSD <<<
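
A check for the condition the quoted README describes, as an added example that is not part of the original message or of OPIE: it reads an `ls -l` mode string (such as the `-r-sr-xr-x` shown in the message) and reports whether anyone other than the owner can execute the file. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original message or OPIE); function names are hypothetical.

# login_exec_scope MODESTRING
# Prints who may execute a file, given an ls -l mode string such as "-r-sr-xr-x".
login_exec_scope() {
    gx=$(printf '%s' "$1" | cut -c7)    # group execute column
    ox=$(printf '%s' "$1" | cut -c10)   # other execute column
    case $ox in x|t) echo world; return 0 ;; esac
    case $gx in x|s) echo group; return 0 ;; esac
    echo owner-only
}

# is_setuid MODESTRING: succeeds when the owner execute column shows s or S.
is_setuid() {
    case $(printf '%s' "$1" | cut -c4) in
        s|S) return 0 ;;
    esac
    return 1
}

# audit_login PATH: one summary line for a file on disk (symlinks are followed).
audit_login() {
    m=$(ls -ldL "$1" | cut -c1-10)
    if is_setuid "$m"; then su=yes; else su=no; fi
    echo "$1 $m exec=$(login_exec_scope "$m") setuid=$su"
}

# Mode string quoted in the message, then the string a 0100 file shows.
for s in "-r-sr-xr-x" "---x------"; do
    if is_setuid "$s"; then su=yes; else su=no; fi
    echo "$s exec=$(login_exec_scope "$s") setuid=$su"
done

# Audit whichever login binaries exist on this host.
for p in /usr/bin/login /bin/login; do
    if [ -e "$p" ]; then audit_login "$p"; fi
done
```

A file set to 0100 shows as `---x------`: `chmod 0100` replaces the whole mode, so the setuid bit is cleared along with the group and other bits.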


