Date: Tue, 16 Jul 1996 08:34:48 -0600 From: Sean Kelly <kelly@fsl.noaa.gov> To: taob@io.org Cc: phk@freebsd.org, freebsd-security@freebsd.org Subject: Re: suidness of /usr/bin/login Message-ID: <199607161434.OAA26815@gatekeeper.fsl.noaa.gov> In-Reply-To: <Pine.NEB.3.92.960715223420.8904G-100000@zap.io.org> (message from Brian Tao on Mon, 15 Jul 1996 22:36:24 -0400 (EDT))
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> "Brian" == Brian Tao <taob@io.org> writes: Brian> Does /usr/bin/login need to be setuid root? Since it Brian> is normally only called by telnetd (which already runs as Brian> root), does it have to be setuid root as well? What else Brian> uses it? getty also uses it. And in general, users are capable of typing exec /usr/bin/login to terminate one login session and start another, on the same tty/pty. In fact, csh/tcsh has a builtin `login' which does the exec. To offer this feature, it needs to be setuid-root. -- Sean Kelly NOAA Forecast Systems Laboratory kelly@fsl.noaa.gov Boulder Colorado USA http://www-sdd.fsl.noaa.gov/~kelly/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199607161434.OAA26815>