From owner-freebsd-hackers Sun Feb 9 09:25:24 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id JAA24833 for hackers-outgoing; Sun, 9 Feb 1997 09:25:24 -0800 (PST) Received: from news1.gtn.com (news1.gtn.com [194.77.0.15]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id JAA24828; Sun, 9 Feb 1997 09:25:21 -0800 (PST) Received: (from uucp@localhost) by news1.gtn.com (8.7.2/8.7.2) with UUCP id SAA13068; Sun, 9 Feb 1997 18:15:36 +0100 (MET) Received: (from andreas@localhost) by klemm.gtn.com (8.8.5/8.8.2) id RAA02064; Sun, 9 Feb 1997 17:16:49 +0100 (MET) Message-ID: <19970209171649.EU26961@klemm.gtn.com> Date: Sun, 9 Feb 1997 17:16:49 +0100 From: andreas@klemm.gtn.com (Andreas Klemm) To: davidn@labs.usn.blaze.net.au (David Nugent) Cc: freebsd-hackers@freebsd.org, current@freebsd.org Subject: Re: should permissions of /usr/bin/login be changed to 0100 ??? References: <19970208135454.ZJ37734@klemm.gtn.com> <19970210010326.55168@usn.blaze.net.au> X-Mailer: Mutt 0.60-PL0 Mime-Version: 1.0 In-Reply-To: <19970210010326.55168@usn.blaze.net.au>; from "David Nugent" on Feb 10, 1997 01:03:26 +1100 Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk David Nugent writes: > On Feb 02, 1997 at 01:54:54PM, Andreas Klemm wrote: > > >From the OPIE README file: > > [...] > > While an almost universal "feature", most people remain unaware that > > an intruder can log into a system, then log in again by running the "login" > > command from a shell. Because the second login is from the local host, the > > utmp entry will not show a remote login host anymore. The OPIE replacement > > for /bin/login currently carries on this behavior for compatibility reasons. > > Compatibility that is broken, imho. It breaks wtmp (and therefore > last(1)), for example, by having a login record (the original) with > no logout record. > > > > If you would like to prevent this from happening, you should change the > > permissions of /bin/login to 0100, thus preventing unprivileged users from > > executing it. This fix should work on non-OPIE /bin/login programs as well. > > Actually, imho, NO user should be able to execute it. login should > not be setuid. I see no functionality that su(1) doesn't already > take care of. > > > > Our /usr/bin/login program has the following permissions: > > -r-sr-xr-x 1 root bin 24576 6 Feb 01:28 /usr/bin/login > > > > Would it be useful to change permissions to 0100 ? > > Just removing the setuid bit makes it harmless, but 0100 will > prevent anyone but root trying, anyway. I'm all for it. So would it be ok, to install "login" with 0100 permissions ? If nobody is against it, I'd do the change in -current. Wouldn't that be additionally something for 2.2 and 2.1.7 ? After the whole security debate ?! -- andreas@klemm.gtn.com /\/\___ Wiechers & Partner Datentechnik GmbH Andreas Klemm ___/\/\/ Support Unix -- andreas.klemm@wup.de pgp p-key http://www-swiss.ai.mit.edu/~bal/pks-toplev.html >>> powered by <<< ftp://sunsite.unc.edu/pub/Linux/system/Printing/aps-491.tgz >>> FreeBSD <<<