From owner-freebsd-security Tue Jul 16 07:34:23 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id HAA28367
          for security-outgoing; Tue, 16 Jul 1996 07:34:23 -0700 (PDT)
Received: from gatekeeper.fsl.noaa.gov (gatekeeper.fsl.noaa.gov [137.75.131.181])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id HAA28362;
          Tue, 16 Jul 1996 07:34:19 -0700 (PDT)
Received: from emu.fsl.noaa.gov (kelly@emu.fsl.noaa.gov [137.75.60.32])
          by gatekeeper.fsl.noaa.gov (8.7.5/8.7.3) with ESMTP id OAA26815;
          Tue, 16 Jul 1996 14:34:18 GMT
Message-Id: <199607161434.OAA26815@gatekeeper.fsl.noaa.gov>
Received: by emu.fsl.noaa.gov (1.40.112.4/16.2) id AA106977688;
          Tue, 16 Jul 1996 08:34:48 -0600
Date: Tue, 16 Jul 1996 08:34:48 -0600
From: Sean Kelly
To: taob@io.org
Cc: phk@freebsd.org, freebsd-security@freebsd.org
In-Reply-To: (message from Brian Tao on Mon, 15 Jul 1996 22:36:24 -0400 (EDT))
Subject: Re: suidness of /usr/bin/login
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>>>>> "Brian" == Brian Tao writes:

    Brian> Does /usr/bin/login need to be setuid root?  Since it
    Brian> is normally only called by telnetd (which already runs as
    Brian> root), does it have to be setuid root as well?  What else
    Brian> uses it?

getty also uses it.  And in general, users are capable of typing

    exec /usr/bin/login

to terminate one login session and start another, on the same tty/pty.
In fact, csh/tcsh has a builtin `login' which does the exec.  To offer
this feature, it needs to be setuid-root.

-- 
Sean Kelly                          NOAA Forecast Systems Laboratory
kelly@fsl.noaa.gov                  Boulder Colorado USA
http://www-sdd.fsl.noaa.gov/~kelly/