From owner-freebsd-security  Thu Aug 30 11:18:37 2001
Delivered-To: freebsd-security@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
	by hub.freebsd.org (Postfix) with ESMTP
	id 9D95137B639; Thu, 30 Aug 2001 11:18:25 -0700 (PDT)
	(envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.11.4/8.11.4) id f7UIHNa66577;
	Thu, 30 Aug 2001 14:17:23 -0400 (EDT)
	(envelope-from wollman)
Date: Thu, 30 Aug 2001 14:17:23 -0400 (EDT)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Message-Id: <200108301817.f7UIHNa66577@khavrinen.lcs.mit.edu>
To: Joerg Wunsch <joerg_wunsch@interface-systems.de>
Cc: audit@FreeBSD.ORG, security@FreeBSD.ORG
Subject: why does telnetd run as root?
In-Reply-To: <20010830201102.O69247@ida.interface-business.de>
References: <20010830201102.O69247@ida.interface-business.de>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

<<On Thu, 30 Aug 2001 20:11:02 +0200, Joerg Wunsch <j@ida.interface-business.de> said:

> But then, it's IMHO much safer to run telnetd as user
> `daemon', and have login(1) allow user daemon to pass -h.

Only works for cleartext password authentication.

-GAWollman


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message