From owner-freebsd-bugs Sun Jul 21 02:40:06 1996
Return-Path: owner-bugs
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id CAA25475 for bugs-outgoing; Sun, 21 Jul 1996 02:40:06 -0700 (PDT)
Received: (from gnats@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id CAA25451; Sun, 21 Jul 1996 02:40:02 -0700 (PDT)
Date: Sun, 21 Jul 1996 02:40:02 -0700 (PDT)
Message-Id: <199607210940.CAA25451@freefall.freebsd.org>
To: freebsd-bugs
Cc:
From: "David E. O'Brien"
Subject: Re: bin/1410: /usr/bin/login is suid, with little requirement for this
Reply-To: "David E. O'Brien"
Sender: owner-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

The following reply was made to PR bin/1410; it has been noted by GNATS.

From: "David E. O'Brien"
To: bde@zeta.org.au (Bruce Evans)
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/1410: /usr/bin/login is suid, with little requirement for this
Date: Sun, 21 Jul 1996 02:35:56 -0700 (PDT)

> > /usr/bin/login is suid root
> > (-r-sr-xr-x 1 root root 20480 Nov 15 1995 login*
> > -- from the FreeBSD 2.1-RELEASE Live FS)
> >
> > This was done originally so that a different user could login to
> > a terminal with a user already logged in. (ie. exec login luser)
> >
> > There is little need for this today. From a discussion on
> > freebsd-security, many didn't know of this functionality, and
> > no one claimed to depend on it. If active Unix hobbyists didn't
> > know of this functionality, IMHO few users will.
>
> I've found it useful for testing login stuff without risking a hangup.
> Bruce

Makes sense in your case. But IMHO, that is a special case. And you
could manually make /usr/bin/login suid root on the machines you need
this functionality on.

But do you think /usr/bin/login should be suid root in the general case?

-- David (obrien@cs.ucdavis.edu)