From owner-freebsd-security@FreeBSD.ORG Fri Feb 27 11:44:05 2004
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7102216A4CE for ; Fri, 27 Feb 2004 11:44:05 -0800 (PST)
Received: from snafu.adept.org (adsl-67-117-158-73.dsl.snfc21.pacbell.net [67.117.158.73]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4ED7C43D2F for ; Fri, 27 Feb 2004 11:44:05 -0800 (PST) (envelope-from mike@adept.org)
Received: by snafu.adept.org (Postfix, from userid 1000) id 8B9EC9EEF0; Fri, 27 Feb 2004 11:43:50 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by snafu.adept.org (Postfix) with ESMTP id 5C7639B148 for ; Fri, 27 Feb 2004 11:43:50 -0800 (PST)
Date: Fri, 27 Feb 2004 11:43:50 -0800 (PST)
From: Mike Hoskins
To: freebsd-security@FreeBSD.ORG
Message-ID: <20040227114106.G29673@snafu.adept.org>
References: <403CEF67.5040004@kientzle.com> <20040226225149.GB73252@nagual.pp.ru> <20040227111353.GA14777@sheol.localdomain> <20040227122718.GA46119@madman.celabo.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=iso-8859-1
Content-Transfer-Encoding: QUOTED-PRINTABLE
Subject: Re: Environment Poisoning and login -p
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
X-List-Received-Date: Fri, 27 Feb 2004 19:44:05 -0000

On Fri, 27 Feb 2004, Dag-Erling Smørgrav wrote:

> Agreed, let's let this discussion die instead. login(1) is no longer
> setuid root, so the whole thing is a non-issue.

to be complete, i assume you mean under 5.x:

mike@snafu{mike}$ uname -r
4.8-RELEASE-p15
mike@snafu{mike}$ ls -al /usr/bin/login
-r-sr-xr-x  1 root  wheel  21824 Feb 23 13:45 /usr/bin/login*

hard to believe, but not everyone is using 5.x. ;)

still, since 5.x is stable and fast (...er than 4.x in many ways), i agree making extra work in the name of 4.x is probably not the best idea when development resources are already scarce. (of course if someone is paranoid and wants to make relevant patches against 4.x, and maintain them separately, i'm sure at least some people wouldn't object.)

-m
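The `ls -al` check above is the whole question in this thread: is login(1) still setuid root on the system you actually run? The script below is an added example, not code from the thread or from FreeBSD, that turns that one-off check into a small audit of arbitrary paths; it assumes only that `ls -ld` prints the mode string and owner as its first and third fields, which holds on FreeBSD and Linux.

```shell
#!/bin/sh
# Added example (not from the thread): report whether a binary is installed
# setuid root, the property the ls -al output above shows for /usr/bin/login
# on 4.8-RELEASE. Only ls -ld is used, so no stat(1) flag differences between
# FreeBSD and Linux matter.

# mode_of PATH -> prints the 10-character mode string from ls -ld
mode_of() {
    ls -ld "$1" 2>/dev/null | awk '{ print substr($1, 1, 10) }'
}

# owner_of PATH -> prints the owning user name
owner_of() {
    ls -ld "$1" 2>/dev/null | awk '{ print $3 }'
}

# is_setuid PATH -> exit 0 if the setuid bit is set (4th mode char is s or S)
is_setuid() {
    case "$(mode_of "$1")" in
        ???[sS]*) return 0 ;;
        *)        return 1 ;;
    esac
}

# is_setuid_root PATH -> exit 0 only if setuid AND owned by root
is_setuid_root() {
    is_setuid "$1" && [ "$(owner_of "$1")" = "root" ]
}

# report PATH... -> one line per path; "missing" for paths that do not exist
report() {
    for p in "$@"; do
        if [ ! -e "$p" ]; then
            echo "$p: missing"
        elif is_setuid_root "$p"; then
            echo "$p: setuid root ($(mode_of "$p"))"
        elif is_setuid "$p"; then
            echo "$p: setuid $(owner_of "$p"), not root"
        else
            echo "$p: not setuid"
        fi
    done
}

# Usage: sh suidcheck.sh --run   (checks the two binaries this thread is about)
if [ "${1:-}" = "--run" ]; then
    report /usr/bin/login /usr/bin/su
fi
```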