From owner-freebsd-bugs  Sat Jul 20 12:40:04 1996
Return-Path: owner-bugs
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id MAA10135
          for bugs-outgoing; Sat, 20 Jul 1996 12:40:04 -0700 (PDT)
Received: (from gnats@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id MAA10125;
          Sat, 20 Jul 1996 12:40:02 -0700 (PDT)
Resent-Date: Sat, 20 Jul 1996 12:40:02 -0700 (PDT)
Resent-Message-Id: <199607201940.MAA10125@freefall.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org,
        obrien@Nuxi.cs.ucdavis.edu
Received: from relay.nuxi.com (nuxi.cs.ucdavis.edu [128.120.56.38])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id MAA09108
          for <FreeBSD-gnats-submit@freebsd.org>; Sat, 20 Jul 1996 12:30:17 -0700 (PDT)
Received: (from obrien@localhost) by relay.nuxi.com (8.6.12/8.6.12) id MAA03609; Sat, 20 Jul 1996 12:30:27 -0700
Message-Id: <199607201930.MAA03609@relay.nuxi.com>
Date: Sat, 20 Jul 1996 12:30:27 -0700
From: "David E. O'Brien" <obrien@Nuxi.cs.ucdavis.edu>
Reply-To: obrien@Nuxi.cs.ucdavis.edu
To: FreeBSD-gnats-submit@freebsd.org
Cc: obrien@relay.nuxi.com
X-Send-Pr-Version: 3.2
Subject: bin/1410: /usr/bin/login is suid, with little requirement for this
Sender: owner-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


>Number:         1410
>Category:       bin
>Synopsis:       /usr/bin/login is suid, with little requirement for this
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jul 20 12:40:01 PDT 1996
>Last-Modified:
>Originator:     David E. O'Brien
>Organization:
University of California, Davis
>Release:        FreeBSD 2.1.0-RELEASE i386
>Environment:

	n/a

>Description:

	/usr/bin/login is suid root
	(-r-sr-xr-x   1 root     root       20480 Nov 15  1995 login*
	-- from the FreeBSD 2.1-RELEASE Live FS)

	This was done orginially so that a different user could login to
	a terminal with a user already logged in.  (ie. exec login luser)

	There is little need for this today.  From a discussion on
	freebsd-security, many didn't know of this functionality, and
	no one claimed to depend on it.  If active Unix hobbiest didn't
	know of this functionality, IMHO few users will.

	From the standpoint of security, every suid root program is a
	danger to system security.  Therefore, there should be a good
	justification for each of them (tradition is not a good
	justification).  In light of FreeBSD's positioning as a prime
	choice for ISP implimentation, this is especially true.

>How-To-Repeat:

	ls -l  /usr/bin/login

>Fix:

	I propose that future releases of FreeBSD do not install
	/usr/bin/login suid root.
>Audit-Trail:
>Unformatted: