From owner-freebsd-hackers Mon Nov 25 14:13:42 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id OAA13805 for hackers-outgoing; Mon, 25 Nov 1996 14:13:42 -0800 (PST)
Received: from panda.hilink.com.au (panda.hilink.com.au [203.2.144.5]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id OAA13793 for ; Mon, 25 Nov 1996 14:13:31 -0800 (PST)
Received: (from danny@localhost) by panda.hilink.com.au (8.7.6/8.7.3) id JAA03985; Tue, 26 Nov 1996 09:10:20 +1100 (EST)
Date: Tue, 26 Nov 1996 09:10:20 +1100 (EST)
From: "Daniel O'Callaghan"
To: Terry Lambert
cc: hackers@FreeBSD.org
Subject: Re: Replacing sendmail (Re: non-root users binding to ports < 1024 (was: Re: BoS: Exploit for sendmail smtpd bug (ver. 8.7-8.8.2
In-Reply-To: <199611251951.MAA23104@phaeton.artisoft.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

On Mon, 25 Nov 1996, Terry Lambert wrote:

> [ ... sendmail ... ]
>
> > It is also the most used/public suid program in the world, subject to
> > the most scrutiny (and attack).
>
> login?

Came up a couple of months ago. login only needs to be suid root so
someone can log in again by executing 'login' rather than logging out, or
logging back in. It also is a candidate for "set me suid root only if
needed."

Danny