Date: Sat, 20 Jul 1996 12:30:27 -0700 From: "David E. O'Brien" <obrien@Nuxi.cs.ucdavis.edu> To: FreeBSD-gnats-submit@freebsd.org Cc: obrien@relay.nuxi.com Subject: bin/1410: /usr/bin/login is suid, with little requirement for this Message-ID: <199607201930.MAA03609@relay.nuxi.com> Resent-Message-ID: <199607201940.MAA10125@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 1410 >Category: bin >Synopsis: /usr/bin/login is suid, with little requirement for this >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sat Jul 20 12:40:01 PDT 1996 >Last-Modified: >Originator: David E. O'Brien >Organization: University of California, Davis >Release: FreeBSD 2.1.0-RELEASE i386 >Environment: n/a >Description: /usr/bin/login is suid root (-r-sr-xr-x 1 root root 20480 Nov 15 1995 login* -- from the FreeBSD 2.1-RELEASE Live FS) This was done orginially so that a different user could login to a terminal with a user already logged in. (ie. exec login luser) There is little need for this today. From a discussion on freebsd-security, many didn't know of this functionality, and no one claimed to depend on it. If active Unix hobbiest didn't know of this functionality, IMHO few users will. From the standpoint of security, every suid root program is a danger to system security. Therefore, there should be a good justification for each of them (tradition is not a good justification). In light of FreeBSD's positioning as a prime choice for ISP implimentation, this is especially true. >How-To-Repeat: ls -l /usr/bin/login >Fix: I propose that future releases of FreeBSD do not install /usr/bin/login suid root. >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199607201930.MAA03609>