From owner-freebsd-hackers  Sat Feb  8 22:40:23 1997
Return-Path: <owner-hackers>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id WAA00942
          for hackers-outgoing; Sat, 8 Feb 1997 22:40:23 -0800 (PST)
Received: from panda.hilink.com.au (panda.hilink.com.au [203.2.144.5])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id WAA00929
          for <hackers@freebsd.org>; Sat, 8 Feb 1997 22:40:19 -0800 (PST)
Received: (from danny@localhost) by panda.hilink.com.au (8.7.6/8.7.3) id RAA20370; Sun, 9 Feb 1997 17:42:37 +1100 (EST)
Date: Sun, 9 Feb 1997 17:42:37 +1100 (EST)
From: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To: Andreas Klemm <andreas@klemm.gtn.com>, hackers@freebsd.org
Subject: Re: should permissions of /usr/bin/login be changed to 0100 ???
In-Reply-To: <Pine.BSF.3.91.970209165445.427E-100000@panda.hilink.com.au>
Message-ID: <Pine.BSF.3.91.970209174043.427H-100000@panda.hilink.com.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk



On Sun, 9 Feb 1997, Daniel O'Callaghan wrote:

> > 
> > Our /usr/bin/login program has the following permissions:
> > -r-sr-xr-x  1 root  bin  24576  6 Feb 01:28 /usr/bin/login
> > 
> > Would it be useful to change permissions to 0100 ?
> 
> Perhaps better would be to include the following code: 
> 
> if ( !geteuid() ) {
> 	fprintf(stderr, "You must be root to use 'login' on this system.\n");
> 	exit(-1);
> }
> 
> Install /bin/login as mode 555 by default, and if a sysadmin wants to, 
> s/he can make it 4555 and get the original behaviour.

Arrgh!  What a braino!  Below is *much* better.

 if ( geteuid() != 0 ) {
 	fprintf(stderr, "You must be root to use 'login' on this system.\n");
 	exit(-1);
 }

Danny