From owner-freebsd-security  Tue Jul 16 01:32:23 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id BAA24173
          for security-outgoing; Tue, 16 Jul 1996 01:32:23 -0700 (PDT)
Received: from solar.tlk.com (root@solar.tlk.com [194.97.84.34])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id BAA24152;
          Tue, 16 Jul 1996 01:32:16 -0700 (PDT)
Received: by solar.tlk.com 
	id <m0ug5Y7-00022jC@solar.tlk.com>; Tue, 16 Jul 96 10:32 MET DST
Message-Id: <m0ug5Y7-00022jC@solar.tlk.com>
From: torstenb@solar.tlk.com (Torsten Blum)
Subject: Re: suidness of /usr/bin/login
To: taob@io.org (Brian Tao)
Date: Tue, 16 Jul 1996 10:32:07 +0200 (MET DST)
Cc: phk@freebsd.org, freebsd-security@freebsd.org
Reply-To: torstenb@freefall.freebsd.org
In-Reply-To: <Pine.NEB.3.92.960715223420.8904G-100000@zap.io.org> from Brian Tao at "Jul 15, 96 10:36:24 pm"
Reply-To: torstenb@tlk.com
X-Mailer: ELM [version 2.4ME+ PL22 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Brian Tao wrote:

>     Does /usr/bin/login need to be setuid root?  Since it is normally
> only called by telnetd (which already runs as root), does it have to
> be setuid root as well?  What else uses it?  xterm (which itself is
> also setuid root)?

Better make xterm work without beeing suid root. xterm is more complex than
login.

 -tb