Date: Wed, 17 Jul 1996 01:22:06 -0400
From: erics@now.com (Eric Siegerman)
To: freebsd-security@freebsd.org
Subject: Re: suidness of /usr/bin/login (fwd)
Message-ID: <m0ugP3m-00001MC@business.now.com>

Dev Chanchani <dev@trifecta.com> wrote:
> /usr/bin/login only needs to be suid root for people to "re-login" so
> their uid can be set.

A couple of data points:
- UnixWare (an SVR4.2 port) sets login to mode 550, with ownership root:bin.
- Xenix sets it mode 700, ownership bin:bin -- and goes the extra step of putting it in /etc (Xenix's file-system organization predates the etc-sbin-libexec split).

Both of these obviously decided the relogin feature was dispensable.

Useless historical trivia: Someone mentioned that CSH recognizes "login" and execs the login program directly, without forking first. This feature dates back at least as far as 6th Edition; it's not just a CSHism. It's basically analogous to newgrp(1), and was exactly analogous back then, when a process had only one effective gid.

Expect to find this obscure feature in many (most?) shells on many (most?) non-free variants of Unix, ie. those ultimately descended from Bell-Labs Unix. It's vestigial on systems where login has lost its privilege, but is likely in the code nonetheless. (All three of UnixWare 1.1.2's shells try to do this thing, but only in csh(1) is it documented -- and, even if login can be executed, only in KSH does it still work properly :-)

That ASH doesn't do this is arguably an incompatibility with Bourne Shell; I'll leave it to others to decide whether it's worth the bother of fixing.

(The rationale for doing so is that users might forget that they were nested, and not sign all the way off. Of course, su has that "problem" too... But in 6th Ed, su didn't accept arguments; it was hardwired to become root. I guess people who (legitimately) had the root password were presumed to be too careful to make such mistakes.)

--
Eric Siegerman, Toronto, Ont. erics@now.com

The government lacked the ability. The rich lacked the compassion, the middle class lacked the willpower, the poor lacked the means.
- Lisa Mason