From owner-freebsd-security  Sat May  5  6:57:32 2001
Delivered-To: freebsd-security@freebsd.org
Received: from hotmail.com (f53.law8.hotmail.com [216.33.241.53])
	by hub.freebsd.org (Postfix) with ESMTP id 0F91A37B422
	for <freebsd-security@freebsd.org>; Sat,  5 May 2001 06:57:30 -0700 (PDT)
	(envelope-from dominic_marks@hotmail.com)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Sat, 5 May 2001 06:57:29 -0700
Received: from 194.72.9.37 by lw8fd.law8.hotmail.msn.com with HTTP;	Sat, 05 May 2001 13:57:29 GMT
X-Originating-IP: [194.72.9.37]
From: "Dominic Marks" <dominic_marks@hotmail.com>
To: freebsd-security@freebsd.org
Subject: Login Permissions
Date: Sat, 05 May 2001 13:57:29 -0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <F53ngr5tTXeCOtrsbMe00002e67@hotmail.com>
X-OriginalArrivalTime: 05 May 2001 13:57:29.0368 (UTC) FILETIME=[52CBD180:01C0D56B]
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Login can be executed by any user connected with a local or remote shell. 
Login could therefore be used as a forkbomb/dos attack which could be used 
to eat resources (and possbibly ttys?).

Should login be set as chmod 700?

After discussing this on IRC we couldn't think of a reason as to why this 
would break anything.

Any thoughts/comments?

Dominic Marks
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message