From owner-freebsd-security Tue Jul 16 18:30:52 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id SAA29969 for security-outgoing; Tue, 16 Jul 1996 18:30:52 -0700 (PDT)
Received: from relay.nuxi.com (nuxi.cs.ucdavis.edu [128.120.56.38]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id SAA29960 for ; Tue, 16 Jul 1996 18:30:49 -0700 (PDT)
Received: (from obrien@localhost) by relay.nuxi.com (8.6.12/8.6.12) id SAA20049 for freebsd-security@freebsd.org; Tue, 16 Jul 1996 18:30:54 -0700
From: "David E. O'Brien"
Message-Id: <199607170130.SAA20049@relay.nuxi.com>
Subject: Re: suidness of /usr/bin/login
To: freebsd-security@freebsd.org
Date: Tue, 16 Jul 1996 18:30:54 -0700 (PDT)
In-Reply-To: <199607161600.QAA27336@gatekeeper.fsl.noaa.gov> from "Sean Kelly" at Jul 16, 96 10:00:55 am
X-PGP-Fingerprint: B7 4D 3E E9 11 39 5F A3 90 76 5D 69 58 D9 98 7A
X-Pgp-Keyid: 34F9F9D5
X-Mailer: ELM [version 2.4 PL24 ME8a]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> Brian> Other than that, there is no real need for it to be
> Brian> setuid root (since telnetd and getty are both already
> Brian> running as root). I guess this would put it under "setuid
> Brian> root subject to local policy".
>
> Exactly. It's not a terribly useful feature anyway and of all whom I
> know are even aware of it, none make use of it. You can always log
> out and back in!

Not even very useful in Solaris 2.5 running X if you remember you can do
this. So why keep it around??? How about a proposal to NOT make login
suid in FBSD releases?

kongur:~> login
login: obrien
Password:
No utmpx entry. You must exec "login" from the lowest level "shell".
kongur:~>

-- David (obrien@cs.ucdavis.edu)