From owner-freebsd-hackers  Mon Feb 24 13:26:35 1997
Return-Path: <owner-hackers>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id NAA19836
          for hackers-outgoing; Mon, 24 Feb 1997 13:26:35 -0800 (PST)
Received: from time.cdrom.com (root@time.cdrom.com [204.216.27.226])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id NAA19501;
          Mon, 24 Feb 1997 13:23:25 -0800 (PST)
Received: from time.cdrom.com (jkh@localhost [127.0.0.1]) by time.cdrom.com (8.8.5/8.6.9) with ESMTP id NAA01739; Mon, 24 Feb 1997 13:22:52 -0800 (PST)
To: Warner Losh <imp@village.org>
cc: Julian Elischer <julian@whistle.com>,
        Adrian Chadd <adrian@obiwan.aceonline.com.au>,
        Jake Hamby <jehamby@lightside.com>, hackers@freebsd.org,
        auditors@freebsd.org
Subject: Re: disallow setuid root shells? 
In-reply-to: Your message of "Mon, 24 Feb 1997 14:16:12 MST."
             <E0vz7kq-00059M-00@rover.village.org> 
Date: Mon, 24 Feb 1997 13:22:52 -0800
Message-ID: <1735.856819372@time.cdrom.com>
From: "Jordan K. Hubbard" <jkh@time.cdrom.com>
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> I think that I like this better.  There are many people that use a
> setuid/setgid shell program to allow access to other programs on the
> system.  At least this was true before sudo and friends.

I could also live with this.  I have thought a bit more about
supporting the exit-on-suid shell hack, and I have to also agree with
some of the folks who point out that it really *would* violate POLA
and veer dangerously close to just breaking something in support of
arbitrary principles rather than good engineering.  Feh.  This is
clearly one of those issues with lots of pros-and-cons on either
side. :-)

How about if we be conservative and just add logging for now? :-)

					Jordan
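The two options weighed in this message, a shell that exits when its real and effective ids differ versus one that merely logs the fact, come down to one check in the shell's startup path. The following is an added example written for this page, not code from the thread or from FreeBSD's sh(1); it shows the credential comparison, the syslog(3) record the "just add logging" variant would emit, and the exit-on-suid behaviour behind a flag. The `-S` option name and the `sh` syslog ident are assumptions for the example only.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>
#include <sys/types.h>

/*
 * Added example: an "exit-on-suid" check for a shell's startup path, with
 * the log-only alternative.  This is illustration, not FreeBSD's sh(1).
 */

/* Bit flags describing how the calling process's credentials differ. */
enum {
    CRED_OK        = 0,
    CRED_SETUID    = 1 << 0,   /* effective uid != real uid */
    CRED_SETGID    = 1 << 1,   /* effective gid != real gid */
    CRED_ROOT_GAIN = 1 << 2    /* euid is 0 but the real user is not root */
};

/* Pure classification, separated from getuid()/geteuid() so it can be
 * exercised with arbitrary ids rather than the ids the caller has. */
int classify_credentials(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    int flags = CRED_OK;

    if (ruid != euid)
        flags |= CRED_SETUID;
    if (rgid != egid)
        flags |= CRED_SETGID;
    if (euid == 0 && ruid != 0)
        flags |= CRED_ROOT_GAIN;
    return flags;
}

/* Build the one-line audit record that is handed to syslog(3).
 * Returns the number of characters written, excluding the NUL. */
int format_audit_record(char *buf, size_t len, const char *argv0,
                        uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    int flags = classify_credentials(ruid, euid, rgid, egid);

    return snprintf(buf, len,
        "%s: shell started with uid=%lu euid=%lu gid=%lu egid=%lu%s%s%s",
        argv0,
        (unsigned long)ruid, (unsigned long)euid,
        (unsigned long)rgid, (unsigned long)egid,
        (flags & CRED_SETUID)    ? " [setuid]"    : "",
        (flags & CRED_SETGID)    ? " [setgid]"    : "",
        (flags & CRED_ROOT_GAIN) ? " [root-gain]" : "");
}

/*
 * Startup policy hook.  With exit_on_suid == 0 this is the conservative
 * "just add logging" option: every setuid/setgid start is recorded under
 * the auth facility and the shell continues, so setuid wrapper shells
 * keep working.  With exit_on_suid != 0 it is the exit-on-suid hack: log,
 * then tell the caller to refuse.  Returns 0 to continue, 1 to exit.
 */
int shell_startup_check(const char *argv0, int exit_on_suid)
{
    uid_t ruid = getuid(), euid = geteuid();
    gid_t rgid = getgid(), egid = getegid();
    int flags = classify_credentials(ruid, euid, rgid, egid);
    char msg[256];

    if (flags == CRED_OK)
        return 0;

    format_audit_record(msg, sizeof msg, argv0, ruid, euid, rgid, egid);
    openlog("sh", LOG_PID, LOG_AUTH);   /* "sh" ident is assumed for the example */
    syslog(LOG_WARNING, "%s", msg);
    closelog();

    if (exit_on_suid) {
        fprintf(stderr, "%s: refusing to run with altered credentials\n", argv0);
        return 1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    /* Hypothetical flag for this example only: -S selects exit-on-suid. */
    int exit_on_suid = (argc > 1 && strcmp(argv[1], "-S") == 0);

    if (shell_startup_check(argv[0], exit_on_suid))
        return 1;
    printf("%s: credentials acceptable, continuing\n", argv[0]);
    return 0;
}
```

Two caveats a practitioner would want. First, comparing real and effective ids only catches the case where they still differ at startup; a setuid wrapper that has already called setuid(0) before exec'ing the shell presents uid == euid == 0 and passes silently, which is why later FreeBSD releases and OpenBSD offer issetugid(2) to ask whether the process's credentials were ever changed by an exec of a set-id binary. Second, the POLA concern in the thread is real: bash, for instance, already drops its effective uid back to the real uid at startup unless invoked with -p, so a shell that exits outright is stricter than what users of other shells expect.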