From owner-freebsd-hackers Sat Feb 8 20:34:24 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id UAA25029 for hackers-outgoing; Sat, 8 Feb 1997 20:34:24 -0800 (PST) Received: from news1.gtn.com (news1.gtn.com [194.77.0.15]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id UAA25020 for ; Sat, 8 Feb 1997 20:34:20 -0800 (PST) Received: (from uucp@localhost) by news1.gtn.com (8.7.2/8.7.2) with UUCP id OAA27941 for hackers@freebsd.org; Sat, 8 Feb 1997 14:20:33 +0100 (MET) Received: (from andreas@localhost) by klemm.gtn.com (8.8.5/8.8.2) id NAA04710; Sat, 8 Feb 1997 13:54:55 +0100 (MET) Message-ID: <19970208135454.ZJ37734@klemm.gtn.com> Date: Sat, 8 Feb 1997 13:54:54 +0100 From: andreas@klemm.gtn.com (Andreas Klemm) To: hackers@freebsd.org Subject: should permissions of /usr/bin/login be changed to 0100 ??? X-Mailer: Mutt 0.60-PL0 Mime-Version: 1.0 Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk >From the OPIE README file: [...] While an almost universal "feature", most people remain unaware that an intruder can log into a system, then log in again by running the "login" command from a shell. Because the second login is from the local host, the utmp entry will not show a remote login host anymore. The OPIE replacement for /bin/login currently carries on this behavior for compatibility reasons. If you would like to prevent this from happening, you should change the permissions of /bin/login to 0100, thus preventing unprivileged users from executing it. This fix should work on non-OPIE /bin/login programs as well. [...] Our /usr/bin/login program has the following permissions: -r-sr-xr-x 1 root bin 24576 6 Feb 01:28 /usr/bin/login Would it be useful to change permissions to 0100 ? Andreas /// -- andreas@klemm.gtn.com /\/\___ Wiechers & Partner Datentechnik GmbH Andreas Klemm ___/\/\/ Support Unix -- andreas.klemm@wup.de pgp p-key http://www-swiss.ai.mit.edu/~bal/pks-toplev.html >>> powered by <<< ftp://sunsite.unc.edu/pub/Linux/system/Printing/aps-491.tgz >>> FreeBSD <<<