Date: Tue, 26 Nov 1996 09:10:20 +1100 (EST) From: "Daniel O'Callaghan" <danny@panda.hilink.com.au> To: Terry Lambert <terry@lambert.org> Cc: hackers@FreeBSD.org Subject: Re: Replacing sendmail (Re: non-root users binding to ports < 1024 (was: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2 Message-ID: <Pine.BSF.3.91.961126090845.1781I-100000@panda.hilink.com.au> In-Reply-To: <199611251951.MAA23104@phaeton.artisoft.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 25 Nov 1996, Terry Lambert wrote: > [ ... sendmail ... ] > > > It is also the most used/public suid program in the world, subject to > > the most scrutinity (and attack). > > login? Came up a couple of months ago. login only needs to be suid root so someone can log in again by executing 'login' rather than logging out, or logging back in. It also is a candidate for "set me suid root only if needed." Danny
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.961126090845.1781I-100000>