Date: Tue, 16 Jul 1996 18:30:54 -0700 (PDT) From: "David E. O'Brien" <obrien@Nuxi.cs.ucdavis.edu> To: freebsd-security@freebsd.org Subject: Re: suidness of /usr/bin/login Message-ID: <199607170130.SAA20049@relay.nuxi.com> In-Reply-To: <199607161600.QAA27336@gatekeeper.fsl.noaa.gov> from "Sean Kelly" at Jul 16, 96 10:00:55 am
next in thread | previous in thread | raw e-mail | index | archive | help
> Brian> Other than that, there is no real need for it to be
> Brian> setuid root (since telnetd and getty are both already
> Brian> running as root). I guess this would put it under "setuid
> Brian> root subject to local policy".
>
> Exactly. It's not a terribly useful feature anyway and of all whom I
> know are even aware of it, none make use of it. You can always log
> out and back in!
Not even very useful in Solaris 2.5 running X if you remember you can do
this. So why keep it around??? How about a proposal to NOT make login
suid in FBSD releases?
kongur:~> login
login: obrien
Password:
No utmpx entry. You must exec "login" from the lowest level "shell".
kongur:~>
-- David (obrien@cs.ucdavis.edu)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199607170130.SAA20049>