Date: Sat, 20 Jul 1996 21:20:01 -0700 (PDT) From: Bruce Evans <bde@zeta.org.au> To: freebsd-bugs Subject: Re: bin/1410: /usr/bin/login is suid, with little requirement for this Message-ID: <199607210420.VAA10685@freefall.freebsd.org>
index | next in thread | raw e-mail
The following reply was made to PR bin/1410; it has been noted by GNATS. From: Bruce Evans <bde@zeta.org.au> To: FreeBSD-gnats-submit@FreeBSD.ORG, obrien@Nuxi.cs.ucdavis.edu Cc: obrien@relay.nuxi.com Subject: Re: bin/1410: /usr/bin/login is suid, with little requirement for this Date: Sun, 21 Jul 1996 14:04:45 +1000 > /usr/bin/login is suid root > (-r-sr-xr-x 1 root root 20480 Nov 15 1995 login* > -- from the FreeBSD 2.1-RELEASE Live FS) > This was done orginially so that a different user could login to > a terminal with a user already logged in. (ie. exec login luser) > There is little need for this today. From a discussion on > freebsd-security, many didn't know of this functionality, and > no one claimed to depend on it. If active Unix hobbiest didn't > know of this functionality, IMHO few users will. I've found it useful for testing login stuff without risking a hangup. Brucehome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199607210420.VAA10685>