From owner-freebsd-security Mon Jul 15 19:36:40 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3)
    id TAA19339 for security-outgoing; Mon, 15 Jul 1996 19:36:40 -0700 (PDT)
Received: from post.io.org (post.io.org [198.133.36.6])
    by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id TAA19323;
    Mon, 15 Jul 1996 19:36:34 -0700 (PDT)
Received: from zap.io.org (taob@zap.io.org [198.133.36.81])
    by post.io.org (8.7.5/8.7.3) with SMTP id WAA06200;
    Mon, 15 Jul 1996 22:36:24 -0400 (EDT)
Date: Mon, 15 Jul 1996 22:36:24 -0400 (EDT)
From: Brian Tao
To: Poul-Henning Kamp
cc: FREEBSD-SECURITY-L
Subject: suidness of /usr/bin/login
In-Reply-To: <4914.837416816@critter.tfs.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Mon, 15 Jul 1996, Poul-Henning Kamp wrote:
>
> Make a list of them all, remove setuid on any you don't use.  Consider
> carefully the minimum permissions you can get away with on the rest.

Does /usr/bin/login need to be setuid root?  Since it is normally
only called by telnetd (which already runs as root), does it have to
be setuid root as well?  What else uses it?  xterm (which itself is
also setuid root)?
--
Brian Tao (BT300, taob@io.org, taob@ican.net)
Senior Systems and Network Administrator, Internet Canada Corp.
"Though this be madness, yet there is method in't"