Date: Mon, 15 Jul 1996 22:36:24 -0400 (EDT) From: Brian Tao <taob@io.org> To: Poul-Henning Kamp <phk@freebsd.org> Cc: FREEBSD-SECURITY-L <freebsd-security@freebsd.org> Subject: suidness of /usr/bin/login Message-ID: <Pine.NEB.3.92.960715223420.8904G-100000@zap.io.org> In-Reply-To: <4914.837416816@critter.tfs.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 15 Jul 1996, Poul-Henning Kamp wrote:
>
> Make a list of them all, remove setuid on any you don't use. Consider
> carefully the minimum permissions you can get away with on the rest.
Does /usr/bin/login need to be setuid root? Since it is normally
only called by telnetd (which already runs as root), does it have to
be setuid root as well? What else uses it? xterm (which itself is
also setuid root)?
--
Brian Tao (BT300, taob@io.org, taob@ican.net)
Senior Systems and Network Administrator, Internet Canada Corp.
"Though this be madness, yet there is method in't"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.92.960715223420.8904G-100000>