From owner-freebsd-security  Mon Jul 15 21:08:36 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id VAA28796
          for security-outgoing; Mon, 15 Jul 1996 21:08:36 -0700 (PDT)
Received: from kechara.flame.org (kechara.flame.org [192.80.44.209])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id VAA28753;
          Mon, 15 Jul 1996 21:08:06 -0700 (PDT)
Received: from zhaneel.flame.org (zhaneel.flame.org [192.80.44.210]) by kechara.flame.org (8.7.5/8.6.9) with ESMTP id AAA08373; Tue, 16 Jul 1996 00:07:30 -0400 (EDT)
Received: (from explorer@localhost) by zhaneel.flame.org (8.7.5/8.6.9) id AAA00281; Tue, 16 Jul 1996 00:07:26 -0400 (EDT)
To: Brian Tao <taob@io.org>
Cc: Poul-Henning Kamp <phk@FreeBSD.org>,
        FREEBSD-SECURITY-L <freebsd-security@FreeBSD.org>
Subject: Re: suidness of /usr/bin/login
References: <Pine.NEB.3.92.960715223420.8904G-100000@zap.io.org>
From: Michael Graff <explorer@flame.org>
Date: 16 Jul 1996 00:07:25 -0400
In-Reply-To: Brian Tao's message of Mon, 15 Jul 1996 22:36:24 -0400 (EDT)
Message-ID: <v64tn8alj5.fsf@zhaneel.flame.org>
Lines: 14
X-Mailer: Gnus v5.2.33/Emacs 19.31
Sender: owner-security@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

Brian Tao <taob@io.org> writes:

>     Does /usr/bin/login need to be setuid root?  Since it is normally
> only called by telnetd (which already runs as root), does it have to
> be setuid root as well?  What else uses it?  xterm (which itself is
> also setuid root)?

Users?

you can always use ``login foo'' and that is supposed to let someone else
log in, kinda in mid session and all.

--Michael