Date: Fri, 27 Feb 2004 11:43:50 -0800 (PST)
From: Mike Hoskins <mike@adept.org>
To: freebsd-security@FreeBSD.ORG
Subject: Re: Environment Poisoning and login -p
Message-ID: <20040227114106.G29673@snafu.adept.org>
In-Reply-To: <xzp65dsem7e.fsf@dwp.des.no>
References: <403CEF67.5040004@kientzle.com> <20040226225149.GB73252@nagual.pp.ru> <20040227111353.GA14777@sheol.localdomain> <20040227122718.GA46119@madman.celabo.org> <xzp65dsem7e.fsf@dwp.des.no>

On Fri, 27 Feb 2004, Dag-Erling Smørgrav wrote:

> Agreed, let's let this discussion die instead. login(1) is no longer
> setuid root, so the whole thing is a non-issue.

to be complete, i assume you mean under 5.x:

mike@snafu{mike}$ uname -r
4.8-RELEASE-p15
mike@snafu{mike}$ ls -al /usr/bin/login
-r-sr-xr-x 1 root wheel 21824 Feb 23 13:45 /usr/bin/login*

hard to believe, but not everyone is using 5.x. ;)

still, since 5.x is stable and fast (...er than 4.x in many ways), i agree
making extra work in the name of 4.x is probably not the best idea when
development resources are already scarce.

(of course if someone is paranoid and wants to make relevant patches
against 4.x, and maintain them separately, i'm sure at least some people
wouldn't object.)

-m