From owner-freebsd-bugs Sat Jul 20 21:20:03 1996
Return-Path: owner-bugs
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id VAA10705
          for bugs-outgoing; Sat, 20 Jul 1996 21:20:03 -0700 (PDT)
Received: (from gnats@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id VAA10685;
          Sat, 20 Jul 1996 21:20:01 -0700 (PDT)
Date: Sat, 20 Jul 1996 21:20:01 -0700 (PDT)
Message-Id: <199607210420.VAA10685@freefall.freebsd.org>
To: freebsd-bugs
Cc:
From: Bruce Evans
Subject: Re: bin/1410: /usr/bin/login is suid, with little requirement for this
Reply-To: Bruce Evans
Sender: owner-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

The following reply was made to PR bin/1410; it has been noted by GNATS.

From: Bruce Evans
To: FreeBSD-gnats-submit@FreeBSD.ORG, obrien@Nuxi.cs.ucdavis.edu
Cc: obrien@relay.nuxi.com
Subject: Re: bin/1410: /usr/bin/login is suid, with little requirement for this
Date: Sun, 21 Jul 1996 14:04:45 +1000

> /usr/bin/login is suid root
> (-r-sr-xr-x 1 root root 20480 Nov 15 1995 login*
> -- from the FreeBSD 2.1-RELEASE Live FS)
> This was done originally so that a different user could login to
> a terminal with a user already logged in. (ie. exec login luser)
> There is little need for this today. From a discussion on
> freebsd-security, many didn't know of this functionality, and
> no one claimed to depend on it. If active Unix hobbyists didn't
> know of this functionality, IMHO few users will.

I've found it useful for testing login stuff without risking a hangup.

Bruce