From owner-freebsd-current  Sun Feb  9 13:54:36 1997
Return-Path: <owner-current>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id NAA11905
          for current-outgoing; Sun, 9 Feb 1997 13:54:36 -0800 (PST)
Received: from panda.hilink.com.au (panda.hilink.com.au [203.2.144.5])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id NAA11878;
          Sun, 9 Feb 1997 13:54:21 -0800 (PST)
Received: (from danny@localhost) by panda.hilink.com.au (8.7.6/8.7.3) id IAA23848; Mon, 10 Feb 1997 08:35:45 +1100 (EST)
Date: Mon, 10 Feb 1997 08:35:44 +1100 (EST)
From: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To: Andreas Klemm <andreas@klemm.gtn.com>
cc: David Nugent <davidn@labs.usn.blaze.net.au>, freebsd-hackers@freebsd.org,
        current@freebsd.org
Subject: Re: should permissions of /usr/bin/login be changed to 0100 ???
In-Reply-To: <19970209171649.EU26961@klemm.gtn.com>
Message-ID: <Pine.BSF.3.91.970210083351.427T-100000@panda.hilink.com.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-current@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk



On Sun, 9 Feb 1997, Andreas Klemm wrote:

> > > Our /usr/bin/login program has the following permissions:
> > > -r-sr-xr-x  1 root  bin  24576  6 Feb 01:28 /usr/bin/login
> > > 
> > > Would it be useful to change permissions to 0100 ?
> > 
> > Just removing the setuid bit makes it harmless, but 0100 will
> > prevent anyone but root trying, anyway. I'm all for it.
> 
> So would it be ok, to install "login" with 0100 permissions ? If
> nobody is against it, I'd do the change in -current.
> 
> Wouldn't that be additionally something for 2.2 and 2.1.7 ?
> After the whole security debate ?!

I still don't see why you can't do as I suggested, and make it optional, 
dependent on the perm settings, as per my previous message on this topic.

Danny