[934] in bugtraq
Re: Request for discussion.
daemon@ATHENA.MIT.EDU (Timothy Newsham)
Tue Feb 7 21:47:06 1995
From: newsham@aloha.net (Timothy Newsham)
To: bugtraq@fc.net
Date: Tue, 7 Feb 1995 15:53:01 -1000 (HST)
In-Reply-To: <199502070914.AA06524@mail.fwi.uva.nl> from "Casper Dik" at Feb 7, 95 10:14:54 am
> We don't run login set-uid and have done so for quite some time.
> You need to make sure that login checks the return values of setuid()
> though, or you'll have surprising effects. Login is usually started
> by root (from getty, ttymon, telnetd, rlogind, etc) and only seldom
> by normal users (login command in all shells).
>
> We have not noticed any adverse side effect of this change, the positive
> effects are:
> - one les set-uid program
> - impossible to remove you remote host entry from utmp/wtmp
> - impossible to hide who you are with:
> (login user) [subshell] follwoed by logout.
The same benefits/effects could be gotten by running login suid
but only allowing certain users (ie. the telnetd) to run it.
On systems with ACL's, like HPUX, this is trivial to do.
> Casper
