From owner-freebsd-hackers Sat Feb 8 21:57:22 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id VAA29070 for hackers-outgoing; Sat, 8 Feb 1997 21:57:22 -0800 (PST) Received: from panda.hilink.com.au (panda.hilink.com.au [203.2.144.5]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id VAA29064 for ; Sat, 8 Feb 1997 21:57:16 -0800 (PST) Received: (from danny@localhost) by panda.hilink.com.au (8.7.6/8.7.3) id QAA20177; Sun, 9 Feb 1997 16:59:07 +1100 (EST) Date: Sun, 9 Feb 1997 16:59:07 +1100 (EST) From: "Daniel O'Callaghan" To: Andreas Klemm cc: hackers@freebsd.org Subject: Re: should permissions of /usr/bin/login be changed to 0100 ??? In-Reply-To: <19970208135454.ZJ37734@klemm.gtn.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Sat, 8 Feb 1997, Andreas Klemm wrote: > >From the OPIE README file: > [...] > While an almost universal "feature", most people remain unaware that > an intruder can log into a system, then log in again by running the "login" > command from a shell. Because the second login is from the local host, the > utmp entry will not show a remote login host anymore. The OPIE replacement > for /bin/login currently carries on this behavior for compatibility reasons. > If you would like to prevent this from happening, you should change the > permissions of /bin/login to 0100, thus preventing unprivileged users from > executing it. This fix should work on non-OPIE /bin/login programs as well. > [...] > > Our /usr/bin/login program has the following permissions: > -r-sr-xr-x 1 root bin 24576 6 Feb 01:28 /usr/bin/login > > Would it be useful to change permissions to 0100 ? Perhaps better would be to include the following code: if ( !geteuid() ) { fprintf(stderr, "You must be root to use 'login' on this system.\n"); exit(-1); } Install /bin/login as mode 555 by default, and if a sysadmin wants to, s/he can make it 4555 and get the original behaviour. Danny