Date:      Fri, 27 Feb 2004 11:43:50 -0800 (PST)
From:      Mike Hoskins <mike@adept.org>
To:        freebsd-security@FreeBSD.ORG
Subject:   Re: Environment Poisoning and login -p
Message-ID:  <20040227114106.G29673@snafu.adept.org>
In-Reply-To: <xzp65dsem7e.fsf@dwp.des.no>
References:  <403CEF67.5040004@kientzle.com> <20040226225149.GB73252@nagual.pp.ru> <20040227111353.GA14777@sheol.localdomain> <20040227122718.GA46119@madman.celabo.org> <xzp65dsem7e.fsf@dwp.des.no>

On Fri, 27 Feb 2004, Dag-Erling Smørgrav wrote:
> Agreed, let's let this discussion die instead.  login(1) is no longer
> setuid root, so the whole thing is a non-issue.

to be complete, i assume you mean under 5.x:

mike@snafu{mike}$ uname -r
4.8-RELEASE-p15
mike@snafu{mike}$ ls -al /usr/bin/login
-r-sr-xr-x  1 root  wheel  21824 Feb 23 13:45 /usr/bin/login*

hard to believe, but not everyone is using 5.x.  ;)  still, since 5.x is
stable and fast (...er than 4.x in many ways), i agree making extra work
in the name of 4.x is probably not the best idea when development
resources are already scarce.

(of course if someone is paranoid and wants to make relevant patches
against 4.x, and maintain them separately, i'm sure at least some people
wouldn't object.)

-m


