Date: Tue, 16 Jul 1996 08:34:48 -0600 From: Sean Kelly <kelly@fsl.noaa.gov> To: taob@io.org Cc: phk@freebsd.org, freebsd-security@freebsd.org Subject: Re: suidness of /usr/bin/login Message-ID: <199607161434.OAA26815@gatekeeper.fsl.noaa.gov> In-Reply-To: <Pine.NEB.3.92.960715223420.8904G-100000@zap.io.org> (message from Brian Tao on Mon, 15 Jul 1996 22:36:24 -0400 (EDT))
index | next in thread | previous in thread | raw e-mail
>>>>> "Brian" == Brian Tao <taob@io.org> writes:
Brian> Does /usr/bin/login need to be setuid root? Since it
Brian> is normally only called by telnetd (which already runs as
Brian> root), does it have to be setuid root as well? What else
Brian> uses it?
getty also uses it.
And in general, users are capable of typing
exec /usr/bin/login
to terminate one login session and start another, on the same tty/pty.
In fact, csh/tcsh has a builtin `login' which does the exec.
To offer this feature, it needs to be setuid-root.
--
Sean Kelly
NOAA Forecast Systems Laboratory kelly@fsl.noaa.gov
Boulder Colorado USA http://www-sdd.fsl.noaa.gov/~kelly/
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199607161434.OAA26815>