From owner-freebsd-hackers Mon Feb 24 13:26:35 1997
Return-Path: <owner-hackers>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id NAA19836
          for hackers-outgoing; Mon, 24 Feb 1997 13:26:35 -0800 (PST)
Received: from time.cdrom.com (root@time.cdrom.com [204.216.27.226])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id NAA19501;
          Mon, 24 Feb 1997 13:23:25 -0800 (PST)
Received: from time.cdrom.com (jkh@localhost [127.0.0.1])
          by time.cdrom.com (8.8.5/8.6.9) with ESMTP id NAA01739;
          Mon, 24 Feb 1997 13:22:52 -0800 (PST)
To: Warner Losh <imp@village.org>
cc: Julian Elischer <julian@whistle.com>,
    Adrian Chadd <adrian@obiwan.aceonline.com.au>,
    Jake Hamby <jehamby@lightside.com>,
    hackers@freebsd.org, auditors@freebsd.org
Subject: Re: disallow setuid root shells?
In-reply-to: Your message of "Mon, 24 Feb 1997 14:16:12 MST."
             <E0vz7kq-00059M-00@rover.village.org>
Date: Mon, 24 Feb 1997 13:22:52 -0800
Message-ID: <1735.856819372@time.cdrom.com>
From: "Jordan K. Hubbard" <jkh@time.cdrom.com>
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> I think that I like this better.  There are many people that use a
> setuid/setgid shell program to allow access to other programs on the
> system.  At least this was true before sudo and friends.

I could also live with this.  I have thought a bit more about
supporting the exit-on-suid shell hack, and I have to also agree with
some of the folks who point out that it really *would* violate POLA
and veer dangerously close to just breaking something in support of
arbitrary principles rather than good engineering.

Feh.  This is clearly one of those issues with lots of pros-and-cons
on either side. :-)

How about if we be conservative and just add logging for now? :-)

					Jordan