From owner-freebsd-security Mon Nov 13 11:34:00 1995
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id LAA21368 for security-outgoing; Mon, 13 Nov 1995 11:34:00 -0800
Received: from Root.COM (implode.Root.COM [198.145.90.17]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id LAA21347 ; Mon, 13 Nov 1995 11:33:55 -0800
Received: from corbin.Root.COM (corbin [198.145.90.50]) by Root.COM (8.6.12/8.6.5) with ESMTP id LAA26943; Mon, 13 Nov 1995 11:33:53 -0800
Received: from localhost (localhost [127.0.0.1]) by corbin.Root.COM (8.6.12/8.6.5) with SMTP id LAA04201; Mon, 13 Nov 1995 11:29:39 -0800
Message-Id: <199511131929.LAA04201@corbin.Root.COM>
To: Peter Wemm
cc: ache@astral.msk.su, committers@freebsd.org, security@freebsd.org
Subject: Re: cvs commit: CVSROOT log_accum.pl
In-reply-to: Your message of "Tue, 14 Nov 95 02:26:45 +0800."
From: David Greenman
Reply-To: davidg@Root.COM
Date: Mon, 13 Nov 1995 11:29:34 -0800
Sender: owner-security@freebsd.org
Precedence: bulk

>I wonder if this is really appropriate though. We are supposed to be
>able to trust root or setuid programs (they can call reboot() after
>all). I'm not convinced that making setlogin() fail for root is an
>inherently safe operation...

Agreed? setlogin() should not fail for root session leaders.

>I suspect the ideal fix would be to change the semantics to use something
>like the credentials system where it's reference counted and copy-on-write
>when a process changes it. I suspect it would be better for new processes

Gack. No, let's keep the current mechanism.

>BTW: I suspect "struct ucred" should be reordered for better internal
>alignment..

That's fine by me.

-DG